d49877b56eae195a92a251b8a2323f9271c5d1258c8671d26e03ee44425c0478

Analysis

max time kernel
150s
max time network
128s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18-08-2024 14:52

Target

Data/Python/Lib/site-packages/numpy/lib/index_tricks.pyi
Size

4KB
MD5

a4171b28c00c09dd6040f65d513a0ae9
SHA1

c7c57f2d47862f7fc7ba09297b8d8daabd48b960
SHA256

3e4e1fc61f2f276a5e15e04c247a96f815cc3cf179970d31b2a8a4cc4bc7aaca
SHA512

424f3ab45f3f18dc64dbf9f0480276aea1de6df68ed0cb21e65f5a42b5a4e086f55e404b974230b0e9b7b954c0b5d60a21de76a070d6dfba28632e718c73fea6
SSDEEP

96:vqCbeXNPvImgjkADFyHcUsgxEuN9AudT4KN6ljmjmBUYRTTBJ+pBfTCfvlfQjxtO:pgtgmwkADec0HAudTXAKj03vg/WH1Axs

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4320	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Data\Python\Lib\site-packages\numpy\lib\index_tricks.pyi
1⤵
- Modifies registry class
PID:4168

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact