eb71dad7e3c7fc10f128a9f4c1aebdb527eb4192e3525010322559ca9b63d610

Analysis

max time kernel
137s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2024 23:38

Target

locales/ar.pak
Size

184KB
MD5

3a8a7a08fedb148ebee6d3300356e37a
SHA1

2e9ac1ea8b6396b909f823486538d5640ddcaa1a
SHA256

43636fc76a2da6ab562c4c3bcc1a5d548a169dc0e884484fb7e4341814c44c78
SHA512

7951829cc7aa385bb5f8078a7af7d4f0b49fa8c05eecb2808eac3fb0e8700c63f92db888ad64f526d992a14d54948a6807bf06f9fb688aecea40311eaacea181
SSDEEP

3072:QeqH2KNRpqhXUJXFxnw+7zF+hFBM2S2xHMuZtE9P6N9/fpK1P/X21MgSENKKSI1R:QeeNR8+7IpLMgSENuiTI1Zi

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4924	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\ar.pak
1⤵
- Modifies registry class
PID:2404

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact