d489087cde47379429b9af4ded868cd0bfc2be600f3ed75f306cc341e64d66ca

Analysis

max time kernel
555s
max time network
442s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2024 20:40

Target

source_prepared.pyc
Size

229KB
MD5

bf91fae81947f2cdff0c3685679b330a
SHA1

7ef2002a4946ed0a88b22e47bd0d6cb93ff75d54
SHA256

533d5f7cbceefe280ea19f98eb55571bb5b180844d17d7ba112695d7d8243277
SHA512

e3b11caeca2455f5a778c6c77c58fc114bfdd15bebca08d4903084286b9b500e83ea0693dd8bc28b4ddd15937151aacf98951dad4e951e54e8f67677473e406f
SSDEEP

3072:JrGdZqFjQqi6Xq3D6+od8btkt/qA8HiMN8YpVs7YB:JrUZCi6am+o7tF0Pe6sg

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1936	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
1⤵
- Modifies registry class
PID:2660

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact