6f9cc7c6fbb7c8349d4eb67b242acbb7ebe23d44423282c8a3ea04386d0a6526

Analysis

max time kernel
130s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 15:57

Target

WFWinXpGf_m-1.0.1.xpgf
Size

514.9MB
MD5

6f7a8ec78eea8fa6c78d3bc88eeab97f
SHA1

adba08e07ee495bc5376480a49f4c831c4aee78b
SHA256

6f9cc7c6fbb7c8349d4eb67b242acbb7ebe23d44423282c8a3ea04386d0a6526
SHA512

5a05e155ea5d81f28d8ee3f0d11ccf488f540e47e47c21d154984990d25a7ee118279807791fe2630ccc7c47a2e7e9b8a7359b1ef24d062bd8c60d846dba88f0
SSDEEP

12582912:f0pexr3FXJPX7N/DtPSp5A1BUcyPY+lz6OxFJW:SexrHrpxQ5MBuluOBW

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4608	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\WFWinXpGf_m-1.0.1.xpgf
1⤵
- Modifies registry class
PID:4528

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact