eb3a0dde867994262fd22df0f5011cda8f7152a43da08b9a52c25d7f24bc24c2

Analysis

max time kernel
43s
max time network
310s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 05:26

Target

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ocb.pyc
Size

20KB
MD5

1ae7bfb9cc903be64fc54f384701ca0e
SHA1

cd763c65da1e1e8b4ba87878e7d29cc62be4f50f
SHA256

9629cd2c8d56d3b0bb2cbb0dcd3600ceabf53f88b20c6f5935828d28f77b4713
SHA512

f272bcddef69d88116af9c440197775aa0d45b854830cad5b8be8006bea3d1f81a3665d8c1b61eb97247dd6883cbfebdb53939d1e8e06ef64db22cee467a4721
SSDEEP

384:cCqHG+qi2jbRJF44h3R422oD9eWWEne47l8vadgETqZr0Tx19j57:cCsG+qJfjhBYZQqa9qhmD9j57

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1176	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\exe.win-amd64-3.11\lib\Cryptodome\Cipher\_mode_ocb.pyc
1⤵
- Modifies registry class
PID:4728

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact