cca3cfdc961211606abdff0123f1eb4fc21124eee73d4626b18a311fa4fccbf7

Analysis

max time kernel
147s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13/09/2024, 16:24

Target

Nuker/utils/ogtheme.py
Size

11KB
MD5

24d607e033a2790d1ea284e29aca1e7b
SHA1

20df2403f61c3c49d7a39ecf3c9c709429c04867
SHA256

44d72fcd899705518f94f3314b03bf9e95c02e53e2eac026f1e19f93d200c0a2
SHA512

f5dc36bb6ad3c2088069268defc45e75659043bf400cd0e91c5aa1b990955394d0f9b50a2f1871728e6f5626d94c198a949d3180901f49c957df06f0d28ab516
SSDEEP

96:3AgY6666hrtrzgfdJK01Ro6666X6RkPfqIeTZMHHiwrcJWGwOi:3Q14RkPfqIeTZMHHiwj

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2788	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Nuker\utils\ogtheme.py
1⤵
- Modifies registry class
PID:1344

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact