49a717242cc9a56795685e8fd5a3bb23d2f84b9af5e574a86af86297c1006aaa

Analysis

max time kernel
315s
max time network
412s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04/04/2024, 21:13

Target

Harry Claimer/UTg/UTG.py
Size

2KB
MD5

07a63232e2098d4383152dbcc4dbb9c4
SHA1

90a16c45fb83ecc600f95b2cd440a51c8905b1ca
SHA256

a142a7737293b5e470e8cc39c76a7c54510bd5fa8e34a75dd4691e7fb39806ef
SHA512

75c43111c70a3a76b2d1897fb18d625220e3cee90ef1baf6096d2fe734f15536c80e6fa2692b763f20dff1b9439c291a8dc12f292f5c6fdb04cd87b33de5b149

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2768987046-1485460554-1347040953-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2768987046-1485460554-1347040953-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
220	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Harry Claimer\UTg\UTG.py"
1⤵
- Modifies registry class
PID:1596

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact