82ca17856a588a45652b86a9bc9d5cc42aa81631b3a354d8684bc986165991bc

Analysis

max time kernel
397s
max time network
1119s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21/09/2024, 06:56

Target

MacroCreator.ini
Size

112B
MD5

6fb5867abce6cc1cb9b84afe066b2112
SHA1

46173fafac774a208c86b6a950fda428112e28e4
SHA256

669ecae746f29d8016b7ec43f066ce28ea60131009562871a80ca672e6b823ff
SHA512

3891e91cacd9ab120eb6766e9ac97300bffcf59b015bdaf23467169c834c8f2fbd0d5dde4caa6b3142b1a94336ef7a76cdc2e08ddfacaae2a92e74d24d149dc2

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
800	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\MacroCreator.ini
1⤵
- Modifies registry class
PID:4820

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact