e5b98f79e84d434b44fe4dab6b0e7823772d32744249a8fb9fb2288d0b354b21

Analysis

max time kernel
141s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

scph39001.bin
Size

4.0MB
MD5

d5ce2c7d119f563ce04bc04dbc3a323e
SHA1

f9a5d629a036b99128f7cb530c6e3ca016e9c8b7
SHA256

f4c948e61a291d4b3f92a141e550cf8357204287a31ff784caccbedaef910c9d
SHA512

9c1bacb8996a084f91124ea4e36cea7ed303ae90ede320ca79f070a2f5ee51c5e4b6297c9e3e20d88391e3a7ba78eca61a55f4aabc4fac2b944c3458cad845f6
SSDEEP

49152:3l4rLTETm8tXP/D4qvBG92oqcwsU38MHlvG135t20Eh:3l4LxIBqD6VMCG1pY0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2776	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\scph39001.bin
1⤵
- Modifies registry class
PID:836

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...