7f7223e7fab51423fd004c2a964c9aac54f577ef46397bb050ee5bb8364c6c7f

Analysis

max time kernel
115s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-08-2024 23:08

Target

OverflowRust-master/OverflowR6Rust.sln
Size

4KB
MD5

ebef3c7a54a10d6eeef38fade4a0e322
SHA1

581827939621898f1902f59f9484c4cea69cc2e0
SHA256

421afbac55dae8736e895411c87d82a628856d2f2f58659c0829054e868dd9a8
SHA512

0fae34537dd274c019f29c1b903c28c5fe8d73d7d0ae303b3865fd5896724cf48faf9dcc62b28a924fd659862e1e3606cec166077d810b2f74ccea44e9c4e6b1
SSDEEP

96:qzD/Heo74agcbEeo8eoieo0YeoyYeoAeo+eo8eo2eojeopeoIeoa:4D/N74agcbk8+0IyIwa8yJj4a

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3736	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\OverflowRust-master\OverflowR6Rust.sln
1⤵
- Modifies registry class
PID:388

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact