dcfe168ca869fc3631de17fe0c36df34a43be0b85a34c06df933ff5b0f5ec21c

Analysis

max time kernel
144s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 19:17

Target

BO2 TU18/en_patch_loc.ff
Size

180KB
MD5

55ccf72da233d11dc5d3fa59044aac94
SHA1

d715e141fe09cf967e6f3a139ff090ac5067294a
SHA256

1c2fa1622b28e08e0c80e136be80c0a2b41f51253edfce766050057fd37183d1
SHA512

bc1fc769f2829b2540afda088b257c3d640a57f1e8f1e4a83b8444f49ef5470e553391703e56da5838e63ec95e6b6c9a4dc8172ea7b0cd49466fafc57fe51679
SSDEEP

3072:BMUUc/k7UbFgUV/w5hQ0Zd7fr33qWnRxnmI/gjGoi2e/fVeelDizo43GTS4ie7wR:BtUcMYbFgUd2hQid7JRxmILl9BlDizoM

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3972	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\BO2 TU18\en_patch_loc.ff"
1⤵
- Modifies registry class
PID:4900

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact