71699ed2954f4325ee9c7c866b0b092460591b5d1e110552e5c02f1a4acc5ede

Analysis

max time kernel
91s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 22:36

Target

jackmpcollins-magentic-6747d99/src/magentic/chat_model/litellm_chat_model.py
Size

10KB
MD5

c0067ae74f417f58aa78cf775e455af2
SHA1

5d7ababf9401cca81b37ec33b2d48532640608c5
SHA256

41df78b1efa973cc6e7e0f1c6883cb79a95fc09ee4c708b3540072918fcfa03e
SHA512

2780e267c142d0f180b6e231cef48f181cd97b8f4bc6b361f65c64ba9a2bff3a31fd6b400b2b75d395350b9123074fa96486f5d3dc586c464b349a7a237f2a7c
SSDEEP

192:+MZg0+VVOLnHcFHNfiGDdJWG0tSJhbKesiI1IS6nHTFHu5PifDpeWG08S6hFhKek:m0+VVMnHcFHtzxcJtSJhe+06nHTFH+2d

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1836	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\jackmpcollins-magentic-6747d99\src\magentic\chat_model\litellm_chat_model.py
1⤵
- Modifies registry class
PID:320

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact