44ecc6a7624b2fdf03cb9b419f111892515fb036fe23f88e51456dce69066046

Analysis

max time kernel
417s
max time network
442s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
24/06/2024, 11:03

Target

QtQuick/Controls/StackView.qmlc
Size

16KB
MD5

1f159f60c9bf96ae8d654a0db365d59f
SHA1

30fc33dbe0e3af05629790b8ec7394c8af26f4ab
SHA256

914342db0d038dc025300ca6213e775f662029d701773d0eb5b8dad592cb7a84
SHA512

a58025b05b2efc6778cc3193546ec8e0b2795f616392cf554a5a78d64a8910ce501924a498d75930c5e085b65e338151e5f323e038473f895d2186ebba1372df
SSDEEP

192:Pb+L5B+re4/r+oEmXxjVfxN+ksOH3iQUWbB85UGCJub7wU4t6:Pb+L5B+64/r13Xxpb+m3EWbcUGCssPt6

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4644	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\QtQuick\Controls\StackView.qmlc
1⤵
- Modifies registry class
PID:1848

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact