5af6e975f05f8ee01c133accb2fdcee45f05a8ae86cf06e48b95ddd371a6afec

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
17/01/2024, 20:07

Target

main.py
Size

70KB
MD5

50fa1da9da98ae8f15fdc45d60dd6e63
SHA1

04d540885011cf8c8c057e0717e01c332ac91092
SHA256

5af6e975f05f8ee01c133accb2fdcee45f05a8ae86cf06e48b95ddd371a6afec
SHA512

5cd6375d9a91e129355e6f795824bb74064da5cb1937d45f48295f64ef0cf8838c235c040dc8bf846e7cea9d9855c9016809db6a71b1706e5826994090beda5c
SSDEEP

768:Ynt044hmuzrCmH56yIp2404sk6MbTXyA/JlTa/GkwFN88IGNmXO44LB9Z9n0xmVF:rGuzrC/2Dfk6MbTXymTiGntP0xOxSy

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2248	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\main.py
1⤵
- Modifies registry class
PID:5020

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact