0bbd8739b38dac925b15fdcfa9ed19ba8d9b07829121f68ba92852d15b5904a9

Analysis

max time kernel
15s
max time network
24s
platform
windows10-1703_x64
resource
win10-20230915-de
resource tags

arch:x64arch:x86image:win10-20230915-delocale:de-deos:windows10-1703-x64systemwindows
submitted
22-09-2023 13:50

Target

main.pyc
Size

22KB
MD5

a17affd3f59277f6d701782b09ecc90f
SHA1

6ab4597452853988450b4f1ab280d272f01d2392
SHA256

4575fa03991f8899b49c357b5699c9b4cd48b93f9e8495d02c3010c2c0ee196b
SHA512

dcc1b0d30f07c69cb3d95882338bb102188ba031a87d7e9286db9d6e9a1d4a9bacd4c4e03f4967656b08dbdf0bef71f2f76e075f8bc7a9f76505848f9c9d99c2
SSDEEP

384:6ChogG/YRhh7hiPThB9IZ+FJW2pLX0rzr80paZeGFm4SMYR2zLEwhw1MMf5Ly68N:6yMCeOf8waoGFuM7Lw1w69u

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3576	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc
1⤵
- Modifies registry class
PID:5088

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact