072e244f3c1e865c53ed271f58be1dacc8263bbed3d94c6a95c17572f38a84eb

Analysis

max time kernel
106s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2023 04:23

Target

System Runtime Monitor.pdb
Size

12KB
MD5

8db1569300b907f7cefe249d3905356d
SHA1

e2f726880a8c60a9bd1d8afbd8c4817c05690e88
SHA256

e511dcbe6a8616857e99241b372b7981ba44fa9ce9f3a5de9c5fc224edaee751
SHA512

1914d8e5c6e77dff19fd1cab5b1753ba6c3a1014797cab79964e3eb93ee9463ee8b337579675afb4455c4775f3d5a3e71cbd9f4552f0c4733b0e6eeb67dd80b5
SSDEEP

384:RHsK1oPAu6pGjua7O502X5pyPAjcDQ0TPJHufMJuXnSkDo0:FsK1oPA4BpXS7

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4232	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\System Runtime Monitor.pdb"
1⤵
- Modifies registry class
PID:4752

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact