e1d50e3194be515eb994f25e458627036085eee29cbc1842ed34ae08a92dddee

Analysis

max time kernel
95s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2024 10:25

Target

Vespy-Grabber-main/tools/EncodeWebhook.py
Size

209B
MD5

06ca674d11e1f585b71e4e914dbaba45
SHA1

8625abe6e225863545313a6e7e2ebb3018898274
SHA256

6a570f3e597879e96a90b7655f2c71e7f311e12eb88d27094fbe212231ddc386
SHA512

d7694f5913de0c02d261888d10c158bc56dd40367e0afafdc883bdf0f3690f95d6d5ffbc5899f57bcb3d004eab9f05eae4dabe95bb1f0b0aca279ae4352835f0

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3892	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Vespy-Grabber-main\tools\EncodeWebhook.py
1⤵
- Modifies registry class
PID:4952

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact