81e2cb9d51589bbd0d1e7a99f552854fcb81d852f225943d155552bccc4b8e0d

Analysis

max time kernel
137s
max time network
150s
platform
windows10-1703_x64
resource
win10-20240611-es
resource tags

arch:x64arch:x86image:win10-20240611-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
23-07-2024 13:29

Target

Comparendo.rar
Size

181KB
MD5

b37868e4da715fd5510d451e5b97f4b8
SHA1

2e9c49e096ba059fa7f7f4ac35d8856a560c1e68
SHA256

81e2cb9d51589bbd0d1e7a99f552854fcb81d852f225943d155552bccc4b8e0d
SHA512

9e2ed9a631a1aaf4f32df31a1469bd5e413ac34494d94f0f971b7524af93787b3308116e0de8e6bb0cc7f2695ae2d77c3e1a75537784186531259f237b795886
SSDEEP

3072:j71TPGcF3gBfwb+HpJ6RfdK7JL47fPiPc11e7GnK/Z879khLVSWsc7IaVeiGSig7:j7J+CgwaJYRs7+Cu07SKR8YLVS3aV7ie

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 3 IoCs

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Comparendo.rar
1⤵
- Modifies registry class
PID:4016

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact