e5d0e04b79037961d3a72a29384d33a9161f18f31582d7802c80c1d3bf058ee6

Analysis

max time kernel
93s
max time network
95s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28-12-2024 04:07

Target

Build_unsigned.apk
Size

4.4MB
MD5

f49caaf86c5892bf04f06296a5251f0e
SHA1

c5fe6e4a13a39b5391857e6a8b8a02ff2dde2d91
SHA256

e5d0e04b79037961d3a72a29384d33a9161f18f31582d7802c80c1d3bf058ee6
SHA512

cca69d90ce946b43e1f000744f0f38567f0485bf21a82e27a1a9e20cbe35bde1c53767a2ad5b87997e5bd3934241bae134ffa8a501d7005261c0216df4ae159c
SSDEEP

98304:SCtnL+csmcZ3M4/qjzWLJ6Ucoz/Yz+5ESmz9zB7TR0t4ZOlpJJ:ftnLTcZ3ojSLJP7zTEdzvuUOlh

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4576	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Build_unsigned.apk
1⤵
- Modifies registry class
PID:2896

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact