baf77681223525bce1b7ff865cce029437da3f52baf917113813f9eb948cfe31

Analysis

max time kernel
44s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 11:55

Target

bin.7z
Size

556KB
MD5

99626bf73b438a05718a960492c036e9
SHA1

cddbbb294c39b882937816bc15fb604efac39911
SHA256

baf77681223525bce1b7ff865cce029437da3f52baf917113813f9eb948cfe31
SHA512

e530c8f689769325bb9a003060cfedf3e43c10725933f640dbe5806c04bc286ab25f50574e9e763d9b12020918125257a801de2d00c555c9a68d3e8978543bd4
SSDEEP

12288:daiGGq9DjgP6wTkxAk+yZtbHPI8nLU86LCSxdORI+Mw/iv9/PGxe:kiGGYjgS9AuZ9HPI1eSPOi+Mw/iZZ

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 17 IoCs

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\bin.7z
1⤵
- Modifies registry class
PID:4516

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact