619739e4769781798b4786fb9cae2fa31a4b99d55ea98cbabddca454aa3e92f6

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 07:44

Target

cinerotique_mod_scripts/inject_testsets_into_interactions.pyc
Size

971B
MD5

0aa75669125e0bb66240a717dbde981c
SHA1

801f2fbc3a7603194f67cb4d1f7b2413c1bcf077
SHA256

fb1532b3ebf246b7be60d4454a7e7088c3909c5369d84cf95537a71b2cef5b73
SHA512

99e83f942827b458d0548cbcd9642dc74b7b4d2a49ab7e85ac55b4356467783eb3f60a122bc8981325e1313f54e4cc1d9e721502c02170acaabebab6893b5236

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
228	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\cinerotique_mod_scripts\inject_testsets_into_interactions.pyc
1⤵
- Modifies registry class
PID:2732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4440,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=3440 /prefetch:8
1⤵
PID:4200

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact