48261fdcf568067be754fc24035bc0e90d76458c3b556fdd5a3c3644237a45ad

Analysis

max time kernel
23s
max time network
33s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
25/01/2024, 06:46

Target

main.pyc
Size

7KB
MD5

ca32c07492a1fada864d095da592bd7c
SHA1

4d6fa7821cafc7fc509e309e9ae3e288270d79f9
SHA256

7309889358df58bf1ddde149d3d3be2befb63a281299e0e45eee00164e96f796
SHA512

34cbe99a24ec3f8857b66840494bd2bc655bee73a9b21354aed43ba9c1076cf944cd5180eb5fc32d8217e85b3e65082faa14bfd3d0673595e9fec7fd515b7637
SSDEEP

192:wtLkD8QhYWdXwGYFQaISovJhwJni4MdwhMYnw:CLVWuTF2S+2JBPzw

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
512	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc
1⤵
- Modifies registry class
PID:3924

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact