8535bf184614863ee2aaf9ddb3572b0439945d51f25ba80b007f35cd59b79dd6

Analysis

max time kernel
141s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 20:09

Target

content/avatar/character.rbxm
Size

26KB
MD5

dd57193b0b60e1caf22544e05bfa180f
SHA1

8abbfa60241ee266cc76bcfea1cd7bc1fadec4da
SHA256

d8fc2950ab9fa5762838d3c09af5e35d01749cbd5d4b67e1b829091619291208
SHA512

fdc4ab94fa50c34d9a751aa250b0936416d571163e0846602f255bb3ec59984bfb015310457ecfe1fcd893cadf912d8199f29cf3c0a4a6d774332d15ea34090d
SSDEEP

384:aj61+KQmElpBpbpopsWGYipXpAZpnpBpR8prpyp9Y1Xp7pqUd1dpPpdi13pN31ae:ajMI/NysDZA3p/RGdY9wtqUfxdkN279C

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4292	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\content\avatar\character.rbxm
1⤵
- Modifies registry class
PID:4824

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact