1f61a00098aa3289292f24082350a20e813bd70cfe642f4b376f67221d0462cb

Analysis

max time kernel
12s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
19-09-2023 19:37

Target

5305b8969b33549b6bd4b68a3f9a2db1e3b21c5497a5d82cec9beaeca007630e.au3
Size

254KB
MD5

26893a46de61332fd08820d5dc56cd19
SHA1

f446cbbfa04ec856431938d4beb408de4528865c
SHA256

5305b8969b33549b6bd4b68a3f9a2db1e3b21c5497a5d82cec9beaeca007630e
SHA512

3f5cfe72fe125a34d5a8377a50b9730e9caaf566d7ec46899e18be37d1e691a2f6f0c3e61943e789c3002b4ae33ce23a1091fb4a7cb5a66158b0b7822b0a0ebe
SSDEEP

3072:PhxLTtzB8idj7wRBMvmbVLWYuRkLXJaXfJw5JEndyhtfZffqGBevDhb6imfMGsjW:PFXjmsRkL00JRtdyz71KBgASYUO

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 17 IoCs

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\5305b8969b33549b6bd4b68a3f9a2db1e3b21c5497a5d82cec9beaeca007630e.au3
1⤵
- Modifies registry class
PID:2296

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact