bbdf4c8d657e3123bd009ab086758bfd707f9b8c7f5fabb22783c4cb81784ca8

Analysis

max time kernel
422s
max time network
447s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-es
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-eslocale:es-esos:windows10-ltsc 2021-x64systemwindows
submitted
22-01-2025 15:18

Target

stl_03.ott
Size

46KB
MD5

5b4cfd625644de7e114e15c2311cb738
SHA1

bd64acdc0939b351c06489f96b0ed8f8e417e991
SHA256

e6b723bb3217c7b7246c50fc5e4aee2d2366d84f5f32c007675e5cfbac6c2646
SHA512

560b04cc034cab1d8b2928db4019f3013fc50dd4329e66568406e80bce1106bfdeb638d57c4ff23052d69bf41c8d92f405d7616a80b06f99d989e54b1da707cb
SSDEEP

768:i94yWuIOu5S/UIfgi/PRJ/8fgm6HK/+DajL1rg/u0Qdv1tp2NiJtAG2We3Tc0:isu65S/UgPj/Ogm6HK/LjLBg20uvPs4w

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2826969134-2088669430-2680400721-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2826969134-2088669430-2680400721-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1348	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\stl_03.ott
1⤵
- Modifies registry class
PID:3940

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact