cef9b7920c777b285270810fdb98f67711885a11033981db866e961ef62a056b

Analysis

max time kernel
242s
max time network
291s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/10/2024, 13:13

Target

.text
Size

25KB
MD5

26e66bea3b62728a217ae7bf343ebc1a
SHA1

9f0062d178456fa350a128ec3e4a53126d637629
SHA256

132bd0f8f45633fbe2d99a96c4f63b54ba661578c873eb31b59d108747ba86f7
SHA512

2e087ab71632b983282bba97fcc2442d4e7b2b4e4cb134c4e3fa20ba92b194fca8320cc869d1f1f40019a4dd97167cb25d469f9482775146c3a846e9b8c87441
SSDEEP

768:7Ws2ZNc0ncBiSFxoyIO2QJ01k1o0WBSzw:isuNLvSFVVeoz

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
724	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\.text
1⤵
- Modifies registry class
PID:1956

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact