c5fa821a4462e0a3dedd070bb38e0ea1ac927541ca62df33fe91519bb5d84866

Analysis

max time kernel
93s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 00:51

Target

Bartender 5 5.0.27/.background/bg.png:com.apple.quarantine
Size

22B
MD5

5ddf174686650e468949ffbd37da2375
SHA1

f066f2210fa52581c6b3977096d0add2eac87614
SHA256

028bbbaa4e930a80e219115e7d36233868f128d3fed2c5c8c3b8ffbbb408fbd2
SHA512

71663216854a30de892a4f9150cbef9890c1e773b66dcdb91d5f0f69a3be2762d89d6da67bc84cd03c4e348dbad79da332330e008d532276bfd19634df87b854

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3584	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Bartender 5 5.0.27\.background\bg.png_com.apple.quarantine"
1⤵
- Modifies registry class
PID:3696

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact