e1d50e3194be515eb994f25e458627036085eee29cbc1842ed34ae08a92dddee

Analysis

max time kernel
125s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/10/2024, 10:25

Target

Vespy-Grabber-main/utils/Network.py
Size

2KB
MD5

3aea47cac04fdad9722cb66491a2312a
SHA1

0e9a539f8f1ba696f17dfc5bc43ac9dcb3a31301
SHA256

dfb4f79b8df3d31a1674034f62b911ed56d664f0b9fcae3b481a3d40d828faba
SHA512

5f66b350a587733ae53ca989bc0adcd1ec245891d4f6e169512c8a7436abb07f27c894a85d65e894ac068895d321915fd5cf5ad8ef5cbd5f12ef3fa8a608122a

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3512	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Vespy-Grabber-main\utils\Network.py
1⤵
- Modifies registry class
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4212,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:8
1⤵
PID:1208

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact