474a954db22d448c89cef026241c83f1a457d1b0550dcfc68a7ac221ff6c2abc

Analysis

max time kernel
316s
max time network
1590s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
03-06-2024 22:43

Target

Code.aspx
Size

8KB
MD5

d704c486b6eed1ea0fc4b25a7d764709
SHA1

665bf109b2c415d487487690c6cbbbee563025af
SHA256

474a954db22d448c89cef026241c83f1a457d1b0550dcfc68a7ac221ff6c2abc
SHA512

de772377a1d605f9716620617040980374d07af28d3dfa0e4e64e2a14374edf2c3d9dc3153da54f7e679d20ea2252446cf6708d1b0dd1d3a3d1c01c7073aee8a
SSDEEP

96:3FKW7gfdiGsyr0T0SWYk79H8wBLbjXmLpQ2HetDwUKTLFuiKl:3Kfdjsyw4SWYk79cwBLOL3HIwU0LvKl

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1852	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Code.aspx
1⤵
- Modifies registry class
PID:2948

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact