eb5fdc8c742388b5b5bd849be8dbe3e05ad90d644e14941f978a5693b6897ad9

Analysis

max time kernel
1337s
max time network
1168s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
29/03/2024, 15:19

Target

gdi virus/gdi virus/x64/Debug/gdi virus.obj
Size

112KB
MD5

a2e726894fe3fcc1415f765459115a2b
SHA1

da2d581ccab9e56c7c5ccc23a1125c2980367e89
SHA256

aefbf0771f21c685071db046b28c260528844ca67edd495692fa23052044e360
SHA512

31533d5d6a95cf2e64a083585e8dabb2773d5738f0d9c58678c381e3fc10e915369797bfa419362392ba808cb7de7b505256039c69d160a9efdb420e96fa1ecc
SSDEEP

1536:8QGYkYeVomG8OJjwZ4LH6TdhIu4GfKSywMm/fu:1u1V5DOJjwOmTVv3u

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2800	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\gdi virus\gdi virus\x64\Debug\gdi virus.obj"
1⤵
- Modifies registry class
PID:1208

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact