350f2b7af2310de1eec502397eb73b1e5c909b989294a1e988911c07a8ec616c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 21:40

Target

$PLUGINSDIR/LuaSocket/lua/socket/smtp.lua
Size

8KB
MD5

29a883b6fb47f87609d0a5b1973aa45b
SHA1

6a36815a72d6d7e6c9ac987461e195d17ff979db
SHA256

04a2bcc6eb8be03803f7ea4c9aa32e6f70f97fdb6b3bc5ecc5e990cc9932ac90
SHA512

c5c648445ea950d58affbacc8b299f26e80b55c4027195cdc055e7d2ee7e3593a59cb36fba8b8dbb8861603d5a03d9867065052b6a3bfd18590a8bd9dd96aac5
SSDEEP

192:hsbQbmId+aSnZwS/UjGf1MT+IsZDOD4GuuJQwDTaBrW:MH8jk1MTrsZDODhuuJIi

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4896	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LuaSocket\lua\socket\smtp.lua
1⤵
- Modifies registry class
PID:2176

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact