dcfe168ca869fc3631de17fe0c36df34a43be0b85a34c06df933ff5b0f5ec21c

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23-02-2024 19:17

Target

BO2 TU18/common_patch_mp.ff
Size

742KB
MD5

1c27e5da7bd8442439aed418e3305326
SHA1

604098af095fd43cfa4b3791f7060a982f68b011
SHA256

6cd7e66a9d2abc78120049ea24b4a8db0abcc3b6a143d481d05b6239c9379af4
SHA512

01d8ed342425e665b52a84520190fc4d2a674d46226b240565bbff20a7231bd6269dd35aec57fc578aa75c23021b8641c38f409cf78ec3a07878362b169a851b
SSDEEP

12288:LJ+9SCD9gGALD90CpLeetXAtVE43tsxpRSAoJEZX1vbQ3ZzwFv4b2Op/iKp6zVIh:dBCBALuC5eeWcUyxiwZFzQJsFwSYSzVx

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3864	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\BO2 TU18\common_patch_mp.ff"
1⤵
- Modifies registry class
PID:112

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact