087c633e355bc709222ad9e0dbad77abeed84f7e06dbdbecae84ba8b3660429e

Analysis

max time kernel
232s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

entry_point.pyc
Size

8KB
MD5

bb43005b33d1eb105d2ea71b110b400c
SHA1

6d8dafc84f510a2a4867fd108ecbced5d79b6871
SHA256

1a3feca818801c1d5b9271e47456f580f8cfcb29397c8c2bbe3c215ace737e4c
SHA512

5cc0c5a32d4ac86f37c81c87664e0a6344b5dd12f46594e403475ddadbc43fa18f3418a13d7fad5102c6a127447c106ec042c8436a09f0dbdf6a0db75b69ab49
SSDEEP

192:p8j7GO+wFxWYrZFezL5enk/CgD4yZ0tODq6uBdO8NMs2JjfRZF:pBO+wFlrnezL5enk/dnZVDq62o8NL21p

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

4864 OpenWith.exe

pid	process
4864	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\entry_point.pyc
1⤵
- Modifies registry class
PID:4416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4440 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads