a51dd83fb2f8ab618515855475f83188b18872db105b624ec4f40a444e09e818

Analysis

max time kernel
132s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-uk
resource tags

arch:x64arch:x86image:win10v2004-20240226-uklocale:uk-uaos:windows10-2004-x64systemwindows
submitted
15-04-2024 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

platform-tools/systrace/catapult/common/battor/battor/battor_wrapper_unittest.py
Size

13KB
MD5

e41fab7141cd0516d3a20b342bd83957
SHA1

dfa32ae0417b76ed4f5fb81334b74fcf2fe6a146
SHA256

c8eb91f0d2b7ecd7a2dd32416d8068d9f1154f68899ffeb6800b341048b462d1
SHA512

822d07458fe261158a118b794f6e3c1ec6c9bf9941d3c5f505321c5a1820f688c16fd45d9dafdc3947f790bea32551a696f25f1539efc7df953288a9dfc41530
SSDEEP

192:S+gTLCAcAXAMBYhuAdAAcAk6Vooj6ASE1OAS7DKtwQrS+O3ZTrb9KPVvDoIskeFH:SwMU2voq

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

3400 OpenWith.exe

pid	process
3400	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\platform-tools\systrace\catapult\common\battor\battor\battor_wrapper_unittest.py
1⤵
- Modifies registry class
PID:1528

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=uk --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5664 --field-trial-handle=2056,i,2925031861192830535,7089573117439845640,262144 --variations-seed-version /prefetch:8
1⤵
PID:3376

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads