45a32a4a46e916adfb5017ef80f07b7410f04879cd75193fedce951ba1751ced

Analysis

max time kernel
88s
max time network
204s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
23-07-2024 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

maple/assets/config.json
Size

149B
MD5

ee9db446b33f463ca8f558873c6fff7e
SHA1

d40efe04626a430d9c9c1b8db90dbd1110d8e2f8
SHA256

09962830609b0d1d5b286ad3e178245cfc152caa278d660b5b0a3dc21559547e
SHA512

7babaeb3edf9a7fcb9da804c5c1c53ce8abfeb91f83774a60bd538ca3c0bb4afb29f0afeb4ebb00bb51575a8c8d7011900367b92643925a1e585f2e73fba86d8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

2548 OpenWith.exe

pid	process
2548	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\maple\assets\config.json
1⤵
- Modifies registry class
PID:2988

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads