290350bd850be1075d143325901005bfa6f6163e79aec5902910345f5c5078cc

Analysis

max time kernel
140s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TheCyberTronn/OreInjector/Items/diamondInj.class
Size

3KB
MD5

7d1fe27a2a8907ee20c6547c4e9650e7
SHA1

9484a4fa0c0b7adb67206eef557e7c6c412a998c
SHA256

af6b873dc6948098a3ee091b8dce0747c258f81912ba3ec3d181e6d83c86f549
SHA512

e9c92e30f24fb07768ff42c18d0ba19dae0c8644e66070fc517c6d25bd38cddb92a2f2a6e3f095e8aed8f2aecd8dc4aa172f3c65b2063c9a79db290e109f970f

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2736	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TheCyberTronn\OreInjector\Items\diamondInj.class
1⤵
- Modifies registry class
PID:1196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4332,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=3128 /prefetch:8
1⤵
PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads