0ed762362d84af0b8ffb94826f524899fa3e94978fb8098cacba0255708df411

Analysis

max time kernel
134s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Executor.rar
Size

8.5MB
MD5

b89e0e0d30b9110c054a835a0769f7ff
SHA1

3a3b38bf7e2b018ac2b31001ae81b33d37acf946
SHA256

0b8cf93755560b9e92be4b0c791a8fff15db9e38f9e6952ae9b58ea84ccab3dd
SHA512

ac3b00bf76758f03a83cff1380d08def9638e9df3e803be48be0d78adee8909ecbbf4d02565b8aa3bab7927a3d3f04a417c38c222e77cacbd5f4f5a1356377b1
SSDEEP

196608:DgD702OCl4dgTuIV+1JSWsssk4l0SK9Z/p0ZVDjJdgYscVE:UMtVI4/5YVq/qZdtd8Z

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4984	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Executor.rar
1⤵
- Modifies registry class
PID:3656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...