4b6720da09a9ed70f92e2d6c0b6dc8b542e625d7bfdc7507da3febc77dd2cfea

Analysis

max time kernel
143s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 11:27

Target

Bin64/cccmanifest_64.json
Size

188KB
MD5

55f578b639666e759c81fa0a8f3e2696
SHA1

4bef2bb8ce71134974f557930153378a59a5174a
SHA256

895b088a4d1438a3436ff9aa1e217a104a2a25ecd18d653cffb4a6978211655c
SHA512

046fc769c014c006cefc3ec3b630da570eb4b8994ee25ef1580f4fd503006dca5210d4ec8e46b5643f6d39407996fcc3a31c1f3fb1800f9f282ef982a689af54
SSDEEP

384:B/UvHq0jydlK/UvHq0jykbN/UvHq0jy/C+c0jyu:Mq0jytq0jyPq0jypc0jyu

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3848	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Bin64\cccmanifest_64.json
1⤵
- Modifies registry class
PID:4912

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact