d49877b56eae195a92a251b8a2323f9271c5d1258c8671d26e03ee44425c0478

Analysis

max time kernel
442s
max time network
446s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
01-08-2024 20:53

Target

Data/Python/Lib/site-packages/numpy/version.pyc
Size

559B
MD5

2f8eb06ad1328710475cf756e474a665
SHA1

4b7a710f46cdfdfc23b7ccda8166a5de5d532e90
SHA256

38f5b5f79d9e5ad5e52c31219191e796b1fc6f916ee2a05b6aca2c7fb00c4976
SHA512

62138023267be354aadbd97be31b03c06abf363dc1f10e45540698befb21a11066213de793f63a8bbf243d43c68e74ce98500064556a7d2ec4bb81ddc3ec0d39

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1648	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Data\Python\Lib\site-packages\numpy\version.pyc
1⤵
- Modifies registry class
PID:2308

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact