d49877b56eae195a92a251b8a2323f9271c5d1258c8671d26e03ee44425c0478

Analysis

max time kernel
135s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 02:25

Target

pydub/exceptions.pyc
Size

1KB
MD5

7eaae5734fa29bc4d7d32a1d1aca4194
SHA1

d006627bb4261e7fcf461fb89acfdc51cb1a283d
SHA256

ea64043be5f12b499b05b225f62c58bb901f534b3f68e8e1cd1ca5ab9c19a6ff
SHA512

55199198f87220b6e56d87d9ec198e86d90d9bb3512d1b897a47b825d01dd1f15214d182836d309f90b452a237ce0cf54556f765e76ef247cfd5fae9b3ff3973

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4628	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\pydub\exceptions.pyc
1⤵
- Modifies registry class
PID:384

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact