42d3445f936aa637139d15f6a2238a5d53b145d5938255daad1b81fd2a1aa153

Analysis

max time kernel
130s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2023, 14:25

Target

Hornynite-0.14-win/lib/python3.9/__future__.pyc
Size

4KB
MD5

7601462b5b8ac8253d3df7e376b70497
SHA1

2c4972450b267ecda76b715df90025b97fec656a
SHA256

503225472b86ea58bea49743fe2a9a9ca3996c44a6adf41866c0f86a2f859344
SHA512

2d3c8c05b8e54f25dc779249f031e2ca2ecd0137dd1f8aa444f4bc8bf43fff248ce50c316c91e81ac8bb88bc5c173083e0f059a914112ccaa0d87adf28f8bfc0
SSDEEP

96:hg1NzUuGd+P2sKNwWKD2j82xnCg8Q/Ks/qN+Bj0ui:k4BRdKD1YCM/KsSN+Bj0ui

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4580	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Hornynite-0.14-win\lib\python3.9\__future__.pyc
1⤵
- Modifies registry class
PID:212

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact