241b6778b05e6b49fe9a86753a2730e2e4912c91d0588cf36b36364b74fd4872

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 20:40

Target

workspace/Speed Hub X V4.lua
Size

77B
MD5

28fb2557492a529d7a361b1d4e8e3bdb
SHA1

83024fc72d7df9c9464130aaa52aad1c7ce08984
SHA256

4228e62be1c9efbc06b7562b12e16a8f4732e98ad3cb5112a15c081a337fd120
SHA512

60a7ba6bb89871812f0f67597532d66ddbc986e87f75feaa0ba6c89ec4531f657f3e996f0308d2d1bc86800348d74db00d33bcf6d88e784c7a1e849bc4c0a8c0

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000_Classes\Local Settings	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2128	2376	cmd.exe	31
PID 2376 wrote to memory of 2128	2376	cmd.exe	31
PID 2376 wrote to memory of 2128	2376	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\workspace\Speed Hub X V4.lua"
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\workspace\Speed Hub X V4.lua
  2⤵
  - Modifies registry class
  PID:2128

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact