4962e32eda2ccd7238948bf579c629a2e70c9bf5a029aa79abac01da119c4414

Analysis

max time kernel
1366s
max time network
1157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 02:43

Target

db.json
Size

311B
MD5

84095feb496d351b9c80e926938f9ca8
SHA1

d8ac99f45d8420698809521a4c1a30e954f118da
SHA256

1ee333036765e94b9f6975a2cfb6a799c42b3357078b424753f6aa61b225e54b
SHA512

347ef12c4f1849a5455014413097ea6d7a6406b36027da4734afad736a5581c6068dd4878aeab02843abbc1e1cfdb37f34c167b4886c8644ad8778e592393e10

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3236	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\db.json
1⤵
- Modifies registry class
PID:4944

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact