42d3445f936aa637139d15f6a2238a5d53b145d5938255daad1b81fd2a1aa153

Analysis

max time kernel
137s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2023, 14:25

Target

Hornynite-0.14-win/lib/python3.9/_bootlocale.pyc
Size

1KB
MD5

25cd8310c27834d830e9d5e3bf331f10
SHA1

718b7e30a2009d554a628c1e9b3aa33ce5df73a4
SHA256

f44c741b071d68fbe32e8f27fec6e18a42541a7bbb1ccad03fcb5582a8ab987b
SHA512

0879d2297a145f58e00df1032c8c2f73f3cd6a441516b51d819de693fdcd61581d03dbba28d01f4b31b285df6d4f8bbc98390e321b1f67ac5540310b8ed685aa

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2252	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Hornynite-0.14-win\lib\python3.9\_bootlocale.pyc
1⤵
- Modifies registry class
PID:3068

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact