b20b682bccf264fb5cafa0f9379f597e5786aecdd17a7064f5ed4f4cd7a10924

Analysis

max time kernel
113s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Temp-Spoofer-Lifetime-main/imgui/imstb_rectpack.h
Size

20KB
MD5

f63ce0be310a45a733df420c9e0a1309
SHA1

fe879a1c667936b33a268c5498010bb42229dcb4
SHA256

a53bcd85861ff53ca1526407db1f6fd2ad619636327dcf1e6318f33e545068dd
SHA512

6b9302d640dd15de0aa14b9e0d25e4cefaba865b1b12a0e8a5230ef6c3e03a0ed253618c487573099ba1ce1aa0d0dbab8464e7e77696a1bd53f008102d50ef9e
SSDEEP

384:/E/y6kzHSyJm8Ss6Ra+Kid1zNOHxR4ZL/8FreybFre3ks06Y4LG:/e6zyyc8Ss6Ra+KjxRS8FreybFreUWYV

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2500	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Temp-Spoofer-Lifetime-main\imgui\imstb_rectpack.h
1⤵
- Modifies registry class
PID:2972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3976 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:1692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads