3b3edb59abd7776f48633dd05c8bcdbc24a723dff89bd06f4f2d134d4df8f5db

Analysis

max time kernel
146s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
23/02/2024, 07:21

Target

Project-Alice-1.0.9/ParserGenerator/CMakeLists.txt
Size

1KB
MD5

6943091f02557947ae217092b4b60caa
SHA1

9e1550a1d4b0647d2f6d17fbeb516e8802221ed1
SHA256

2d63b183a934fd70b7d7c36daddba1aa752370ecc09ea609a61a482817b05ebc
SHA512

19ef46effef781f00616959b0186eb21ec534047e0824766983d11450beeec85d2843bd9f10fb19181ea52b8794faab006c43505d65b35d49508810104512a84

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings	cmd.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 2496	4696	cmd.exe	82
PID 4696 wrote to memory of 2496	4696	cmd.exe	82

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Project-Alice-1.0.9\ParserGenerator\CMakeLists.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Project-Alice-1.0.9\ParserGenerator\CMakeLists.txt
  2⤵
  PID:2496

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact