f6bdf4b319fd103418ce014027ca8fdd58945e5a4cca847d6216f7fbe47a7f7c

Analysis

max time kernel
133s
max time network
175s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
07-01-2025 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IDA Professional 9.0/procs/ebc.py
Size

53KB
MD5

0f82a1a6d8562e5de7bbfca43fb46106
SHA1

155dd41bf55e596a377dad5a5c1b429eb9ae6a4f
SHA256

038f252e16853b838a7a10917b41b98196cc01397f6e8449660b46cf5d0c76e3
SHA512

38eb164178879b765934e3f686909c0e3ae44c5a177600c1cdf71494152a2410c699449314d8d8479e21f04b95cf79d01adecd58fdc5433850858804bd2361b6
SSDEEP

384:d6UAE7dD4zoVtGb2ptHnaOfBnBzr6zXLWkLI7FqvsGtFeyibiZ+z/kkhYnZAUakR:d6BkR4zoVvrHaOfB8GebkhSH

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1411052346-3904498293-150013998-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1411052346-3904498293-150013998-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5112	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\IDA Professional 9.0\procs\ebc.py"
1⤵
- Modifies registry class
PID:1808

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=3976,i,17476829075324997603,14745427267329772187,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8
1⤵
PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads