250dd49463bef0ec8fd03d4d1311a001ddccd84b47a01b2b74624f5e9c794b0f

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2024 19:54

Target

Nowy folder/apt/lists/deb.i2p2.no_dists_unstable_inrelease
Size

19KB
MD5

60ba65f568713c63a3d7b4c4c8e619fc
SHA1

8d850293a1e84e7d7a04c54e98b5da083cf0bd11
SHA256

73a3fb48b600978ba3a35147618e8e02c5e197caae2e1f351c29bc60b1dc109c
SHA512

b21c6f886a11afcd259ac23f0199398e1b2fb490207c8f2ed5269da8afae4d499a3bba4418a556e91ad9f5c89afba8e93a5ca42e037d376fd3910e7d26879b43
SSDEEP

192:HdwFN8MVuumdN0TBehjkTIZLhuH3/L2LnZoY35FasKsBszMJKCrVRc6wRDPso4kH:H4eM0R0duj9tk6OY350e2wLQX

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4876	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Nowy folder\apt\lists\deb.i2p2.no_dists_unstable_inrelease"
1⤵
- Modifies registry class
PID:4312

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact