c5fa821a4462e0a3dedd070bb38e0ea1ac927541ca62df33fe91519bb5d84866

Analysis

max time kernel
93s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 00:51

Target

Bartender 5 5.0.27/.VolumeIcon.icns:com.apple.quarantine
Size

22B
MD5

a200809dcff602f0873c924e4922e805
SHA1

688116e29625cbbd2f60628ea97cb8ef3d5bd0b6
SHA256

53a355bf83c012a82a6f727b1eefa96919791e3a4fb9b64f1cbeaa0bc4505f8c
SHA512

e4b652e52188568ecfbd294ce1b90b532129b3bd596cb15dc4d3f88738fc2aa454c99d1e43bc7c2bb9dba99899fb5b1bfb112a18a78a398d6d0c4cf1e0968bbf

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
376	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Bartender 5 5.0.27\.VolumeIcon.icns_com.apple.quarantine"
1⤵
- Modifies registry class
PID:1984

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact