89b4c4f67d950e4582518a2aaf68167e1c6f853f5715de9af82f5521567eb1a5

Analysis

max time kernel
212s
max time network
274s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/10/2024, 17:56

Target

riot/main.py
Size

3KB
MD5

1f9011d75e012a6ee83b3b8dac5f59db
SHA1

c68bbb601242607011cef01e813bf637f1f60f06
SHA256

c004d1d6d83d35e9788326fcff2f1d99838013f18846db27ee6efc2f2009d77b
SHA512

68d0e79197c794409b3979dcccb18f7dd369f751856920cba6755a74bace66f884f97bcc52d7b28dc92bc1cbe98a825642a34b39b2c6806a0a4c7eba4b61d77f

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5104	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\riot\main.py
1⤵
- Modifies registry class
PID:6092

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact