8602c57b152d735fb6e44c5866cd4a837f337d5464641f55e22fd65556e41ee2

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
18-12-2024 05:12

Target

.x86_64
Size

6.1MB
MD5

f9ba8c3372fdaf67422703bbc2208640
SHA1

5042e58bc2e1d94912d11b11286ad6bccf0e4666
SHA256

8602c57b152d735fb6e44c5866cd4a837f337d5464641f55e22fd65556e41ee2
SHA512

d330557ff2bab35181a5b2ce550b11fc4f3dc8d38431ac26989d22b9247df955684fddf97dc11235001852b490704db3af87ed859c8a5bca3573aac66dd1018c
SSDEEP

98304:HtpIDtRKq6YrRYjfmUyy++++++qq++++u+uwP5R5R5VYjMYjMtpuVE8OLqjbOqw0:H+tAq65cKEpHVGZA2O7TI

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_Classes\Local Settings	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2868	2816	cmd.exe	31
PID 2816 wrote to memory of 2868	2816	cmd.exe	31
PID 2816 wrote to memory of 2868	2816	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\.x86_64
1⤵
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\.x86_64
  2⤵
  - Modifies registry class
  PID:2868

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact