3fa6ec2a3bc8cee86b4806dd22833fb131004281d59e7e1d2cdb316e630288fa

Analysis

max time kernel
115s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 01:03

Target

FortniteV1.75/lunar-main/yolov7/deploy/triton-inference-server/boundingbox.py
Size

960B
MD5

69cdb2d1f504b9d357eab2e01b1d1384
SHA1

f07786a75850f6f7dc71e65c0682564b77e655bd
SHA256

3ea3d853ec9f40f648250e2c2daa076bb7b4fe5c1ecc6e5fd775a15930e42a0f
SHA512

a8134688b1172276b30b7aa6d17f494a514eba5b8793835379ada68693e332bc50a9cd6defdb5d822848aeec2b4ca2faf1eb6370fdb216ac27068e91d44ce8f2

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
536	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\FortniteV1.75\lunar-main\yolov7\deploy\triton-inference-server\boundingbox.py
1⤵
- Modifies registry class
PID:3484

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact