e3a9f01d1244f95e1db32eff99541d81e76b60655ebcd1af30fc3bf4280f421e

Analysis

max time kernel
6s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
23-02-2025 05:03

Target

Stub.pyc
Size

874KB
MD5

ed2c1eb50ead9d0e90a2ce9ef1620afa
SHA1

65191230f8b48fbc49a6899c565fa4ddb1a49835
SHA256

6980f4295121f9165bba3ce7b7e3b39eee3d283bbfd2d4c8c764337e09b5f270
SHA512

f56133e5d4195ddb4d8d56b34ba7dfc978044260ba7e94e994f1e55645befd0d7a4fcf0276542e8624ce631fd62b22aeb1e4b777f064d41c54feb10cc65f4a93
SSDEEP

12288:Ugy6enDv0lBfmvj9KQP2VAkH9va9DfKfN89lsNjb/jfcFdMe24KEa:UgylUE9P2lH1OrENjvfcPKEa

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983685854-559653692-675906587-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-983685854-559653692-675906587-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4584	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Stub.pyc
1⤵
- Modifies registry class
PID:4792

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact