a9003cd5eaf51dff0c8d1ee3a7ef8cc79ed7ce7cd527e72c80bb86adbbc2a5a9

Analysis

max time kernel
169s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 20:09

Target

Oficio electrónico Cancelación de contrato 30 de septiembre.rar
Size

224KB
MD5

a77920fc0c39e4a58f8832f49c9b72a3
SHA1

52d1aa9d634fbead19af94cb4a57ec3feacc2ce1
SHA256

a9003cd5eaf51dff0c8d1ee3a7ef8cc79ed7ce7cd527e72c80bb86adbbc2a5a9
SHA512

c0c79520267eb821b77bf7a0d543c751efcf5216cdd1a52a0000f96a93ed68edbeb5848364d263de6365f23ea963d30bc98596589d9a0111351c6ccf3b36d2a2
SSDEEP

6144:ky+nL9Jokrk0jq/rIyU1CC/xwtlmdVky+xEU2cfFJt:kH9JrrkMiMyUXtdVkxBbN

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2012	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Oficio electrónico Cancelación de contrato 30 de septiembre.rar"
1⤵
- Modifies registry class
PID:4000

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact