118b225a175e6ad0ca88270f0705b58c21bee2518a23f31564e557d2c1a699af

Analysis

max time kernel
88s
max time network
202s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
12-05-2024 06:57

Target

pydllinjector/__pycache__/wintypes_extended.cpython-311.pyc
Size

846B
MD5

5d519a63c000c7e29966dec8a61cbaf3
SHA1

1219ac1f70073f5e08a3fffc4268b6fb8acb6678
SHA256

d5b69a8c0b2f8d9455865d6d74d18ccb0f3cd090207bb48ea8c67be0c04185a0
SHA512

2af966c439b1af1f20f9b4c33a8ac3fe5d66e83a87cf116e4a5b43009e956db84ad203308eecdf06870b249254275794217703685a003a0d5bd89cdfe1429829

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3436	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\pydllinjector\__pycache__\wintypes_extended.cpython-311.pyc
1⤵
- Modifies registry class
PID:3996

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact