f012dd76bed797a524a762645867d40b8812bac92049cf27c61a6910fed92d01

Analysis

max time kernel
138s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 19:51

Target

advanced-multitools/plugins/Serveurlookup.py
Size

5KB
MD5

cc041c1475102ef92a33209b908215bc
SHA1

af2a56646c7a3d874c322c6eab6bb60c368120af
SHA256

81e7693fa323753f65cd0236b05b7de6e6049c81f12ba88a65cbef7cf81941b5
SHA512

c8e32fa144d0ffbcb1b9cfb3bf99d4bf1d80c79e836e2431919f7f7cd4f5473e215cbfc5c359c92aa2d5c25327c90cc2450682631401d8d01de7923baf240a3f
SSDEEP

48:llRqsYUm5nIaF+iCqJ4U95BxEJfjZB2mFrEZIX52BT9cyM/VM7NB6AIta5c49ZGa:l3qsYUIF+/a4JFmpBrWOfg9qcK/

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2092	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\advanced-multitools\plugins\Serveurlookup.py
1⤵
- Modifies registry class
PID:3240

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact