74bb573f6c17a2dda72697289012e217fb8e6f202b820d676624b53b03cd0fa4

Analysis

max time kernel
95s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26-09-2024 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Encounter Counter/EncounterCounter.pdb
Size

14KB
MD5

314d9568b8c99f3dedf9c9333e3d76b5
SHA1

7c31d283fb585059c76035ff2b01f01d2a3b7875
SHA256

340970b85d8fcdf7f7e2e2178744af4e3c22b210e3e18462d5113f9a61760a21
SHA512

afa7588ab697c4d90b396d1d6770848eea6d1dd395a906aea8c1861f2498917c510f08c0327c3b8d7a73e870e2b7dc1b3412479550ffdae76330aa8cb4c91629
SSDEEP

384:UNTIQ+NtpCrtdtB10dapq/6PhR+6KhBicBE9a+20AuVo73HafyEVAn1wF3721cvy:K8QKfCn923QAip7xWf3

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1116	OpenWith.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe
1116	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Encounter Counter\EncounterCounter.pdb"
1⤵
- Modifies registry class
PID:4404

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads