d49877b56eae195a92a251b8a2323f9271c5d1258c8671d26e03ee44425c0478

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 02:25

Target

pydub/effects.pyc
Size

8KB
MD5

bd9a29dde03343306f616c24bebd0502
SHA1

aa269c38d2f6482b3d84efbdd9c09a79b8c27dab
SHA256

e0b3aa9fadd1ff5133aa2e5f15c35e04a5f397c581e286c5690a3c89db19162e
SHA512

47e85fa635684b54ce347fa32a040ff2c84845739754839d99db8034c5baa11aca44db6198563680097338186b2ab8974cd528f0736f4b5952c03e51916beed1
SSDEEP

192:JTOMLTV2KfLr3zQ9bEAVKRB85ZFOiF1eqGA7ajLk:dOMV2KfM9bEAz5vOiFQq774k

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4100	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\pydub\effects.pyc
1⤵
- Modifies registry class
PID:3868

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact