30fe7a7d5ac9b610d4a837bb343ebe3f1be7a6019c0ca439ef1b895cabd7e5a8

Analysis

max time kernel
129s
max time network
138s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
20/06/2024, 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

install/24.4.4.1168.manifest
Size

223B
MD5

2bc6a1bed7998c7257d29529a30abef8
SHA1

d2d61a45e9283f2fd6f491d06f683f391af4319b
SHA256

570e26e2e0c74a1550af9d91b0ab11c2ac65eef172c9ae62626a6b7a20f6ce99
SHA512

caf0c628974b5caf2b3f819ff741bfd9b13d16049106f90c3f4e2d701c1816a4b5b456b9d596656e09c95d276dcc117719109e0aded1e23b214e25954d7a8b45

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4796	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\install\24.4.4.1168.manifest
1⤵
- Modifies registry class
PID:4124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...