de2cf51d8af4527f759581119a39d279ee0253b6a2dc8c9871e2b7565295cf6b

Analysis

max time kernel
1352s
max time network
1172s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 17:57

Target

doxsteazy/main/osint/doxsteazy.py
Size

15KB
MD5

6a5ded4ad22d774329125da4370f2360
SHA1

a57e8b3b0df0ba403f7d5891342010ce598f8e3e
SHA256

46b320c88839843aaaedea1d43b01bde7c7522af37bfba6fb738751c431fe972
SHA512

a8daf5d679c2af908dc7170cb484bc5957cb1fed8122a6e38e58fce080b00ebe1b30987b9dca3e23a04f1618713c27c3b2582003de4eec4e034d080835d8da60
SSDEEP

192:t+JPmr3j1zJnOroA1MCSvYc+YcPObYJBBY1YcbYc3YcI:VCStiPOIKx1I

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5100	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\doxsteazy\main\osint\doxsteazy.py
1⤵
- Modifies registry class
PID:980

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact