b67525bc7bd67a1828012580601147bc094e7724099158b753360f3b29329541

Analysis

max time kernel
233s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-03-2024 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ragib's Website Project/font-awesome-4.7.0/less/variables.less
Size

22KB
MD5

be3f6eed38aa909483e1bd9ee0876e80
SHA1

8a5c800747705df16117cc598c1b9f512e873bfe
SHA256

e3717422976292d8fdc4b2a9ed02b8d0be55ad50b86e9bff74761e5ccf94b839
SHA512

1691b468571a87081a892621941b3f0f954a3c5a4c588811b329e092bae28a8946f4e0ed5c440c7bd4248d3aa31c3be26867d28771703cbca41cedf5f3f3fc72
SSDEEP

384:o9ktHGpE4HE4NzNhuEvJ3Qv0w97NvqgBOMy:o9ktHGpE4HE4NR7vJ3Qsa7NvqgBOMy

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

4080 OpenWith.exe

pid	process
4080	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Ragib's Website Project\font-awesome-4.7.0\less\variables.less"
1⤵
- Modifies registry class
PID:2860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4160 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:3604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads