1d5136cd83db5f71d6d8b10d43f33009aae773bac34a9ebe365a43ec4e954692

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2024 11:32

Target

1d5136cd83db5f71d6d8b10d43f33009aae773bac34a9ebe365a43ec4e954692.lzh
Size

180KB
MD5

e7163c953316d40430fbc43eac453cc2
SHA1

46d31f0078cf62860cef4354dc3b27ce70f27633
SHA256

1d5136cd83db5f71d6d8b10d43f33009aae773bac34a9ebe365a43ec4e954692
SHA512

83043aff66e0484d6bf06a7139246747340900bca9e59e70a29b13b6af8601fd8839f78cd6589a067d2eeab4a6a24454a5f1d4148d9556ee6846ac156e1b93e5
SSDEEP

3072:bS+BFuBQciCC0KtCbXD2iTFryoygh3ZkijuJ1aM2bu2hcImO8G2sEkwPQ3gA6lR:bS+KOjGXSiT5yohffg2blhf8G2OwkgAc

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3344	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\1d5136cd83db5f71d6d8b10d43f33009aae773bac34a9ebe365a43ec4e954692.lzh
1⤵
- Modifies registry class
PID:3928

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact