Analysis
-
max time kernel
144s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
19/02/2024, 01:48
General
-
Target
Slime Pack/ModelEngine/blueprints/slime_triple.bbmodel
-
Size
129KB
-
MD5
dcb97f9a78b973c8a3c8f9d81cca0e7f
-
SHA1
0d5e7c55f6fcaf9ce7e2c041d505e3d23091375e
-
SHA256
e0cad498b254349b26712f84f141085e44b83f5c2b746e0b839dff19efbf24ac
-
SHA512
6bf93a9eb8a90f466b2580035077ede5c0ad3759cf3983bb68d4ca1fdea37a720516c72bb5a0fd6044507d01a7897c0f51d8607887b71450577bbdbc226d8249
-
SSDEEP
1536:D801g0zmUahvuJsHrOckgnyVsMu0HJbPHRVqRAlIEoPxs/mFpz4AV2SjIBvUEY+Q:VrJ0S/Mj
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Slime Pack\ModelEngine\blueprints\slime_triple.bbmodel"1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx