f139ed18bca38e4e61fa88f94f0a070d217df1c1f647191510253352724ea1b5

Analysis

max time kernel
90s
max time network
95s
platform
windows11-21h2_x64
resource
win11-20241007-fr
resource tags

arch:x64arch:x86image:win11-20241007-frlocale:fr-fros:windows11-21h2-x64systemwindows
submitted
14-01-2025 20:43

Target

OblivionCheatVIP 2.1/Compilers/tinycc/include/winapi/nb30.h
Size

4KB
MD5

e35dfbb34027a937ba50d82b73b6176c
SHA1

e47f4d0f63815c624d5293e88e4b81de75bb21a9
SHA256

d6f71f376da33f63b72b1ebbe63e1f0cca3b63d63771de454532814dce0f7374
SHA512

ac90f0755884c39d0e8b1f68a09cbe4ccbe10ea8362758e1905d06d3ffee9641f05db1940ed75a37c6f0b1f8b3ee1313a54763454a3a7b03c0264370f8bbeb9d
SSDEEP

96:e8C+EOYk7R258Rua4LE9eaiYMqtLalJUDVqRWUsq/Hwk3QUtuq3C82:pC+xq58RuaeGeajtLaHUJqRWUsq/z3Qn

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3580	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\OblivionCheatVIP 2.1\Compilers\tinycc\include\winapi\nb30.h"
1⤵
- Modifies registry class
PID:2408

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact