e1d50e3194be515eb994f25e458627036085eee29cbc1842ed34ae08a92dddee

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2024 10:25

Target

Vespy-Grabber-main/tools/GroupFinder.py
Size

2KB
MD5

df51a135407764a9641c9dfd40c973b4
SHA1

1713f450183de4dc294a0d50bf1fa8a8bdf31388
SHA256

3452f09ee11888c24bddb8a12d78f2fe66906204f03d56aef6b2e246453e85b6
SHA512

0a3f2662febfc241c76d052672e27bdb05f6018926f156db7ca5e488d65666f3b962401389d30954a726a188cc4df6dee25676c4cb1008d64df224dec92b2a70

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5072	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Vespy-Grabber-main\tools\GroupFinder.py
1⤵
- Modifies registry class
PID:8

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact