cbd33d7ba3b8ef4562c696e1b70b5e71faded4cfb6b18b5f4c3d2eae20abf872

Analysis

max time kernel
47s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 22:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NetflixCE V4/NetflixCE/autorun/DotNetInject.lua
Size

7KB
MD5

019537c21e839ed2dcf6372d4ee5437d
SHA1

c70622fbd9922a1f98ea100dadb1cdaf73a407df
SHA256

f93774c321fe590b26f6838889654b7639d251e0190e3509c3e50556ba0d7989
SHA512

9cb3a81c77aea77cd12b87fe981b06096760da6d32f83b856a454f30d88067710261f6ded11a75c01181d8a789b6d39c9861f03f237a1da36cc0801168e222a3
SSDEEP

192:YyiTmTvRu8ff5A3bvoZjCEA5Ugcyqoeg0Ex:YxmLRu5ga

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

3356 OpenWith.exe

pid	process
3356	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\NetflixCE V4\NetflixCE\autorun\DotNetInject.lua"
1⤵
- Modifies registry class
PID:3144

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3572 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:4772

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads