97edea8bc010bdce4a0d3a732e16bf1390fcfeba1845f87610927eeda2a4d5f6

Analysis

max time kernel
91s
max time network
201s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10-04-2024 00:25

Target

Byte-Stealer-1.3.1/discord-logger-help/Help.md
Size

1KB
MD5

5bb7502a05235d144d688e6c065cae0b
SHA1

1e79fce8ecb2aebcc03ac218fc9f8341d972756f
SHA256

6a65eab84773f6d4373bd13ec5c9155a9b7f014a93a0ad328d419fad5ead5c2f
SHA512

67d9d8243ac8a335d0de54545c1a06310968f14e27c5e04217a11d0b5f86e5d0c1f4b90c54e2f1958c03bb3765aef3e0a3a52b4a158aba0cbeb3a1bf706d7da2

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1684	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Byte-Stealer-1.3.1\discord-logger-help\Help.md
1⤵
- Modifies registry class
PID:4808

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact