b7f2ab5eb7881baa91f5bc72ade2544cedfec11c6a9d74b8ed64c9cd59065268

Analysis

max time kernel
147s
max time network
274s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
26/02/2025, 12:52

Target

Boostrapper/Web.UI.View/locales/af.pak
Size

327KB
MD5

c9312ff081e600e5fb4483b46ddd7c23
SHA1

1ff05a6a06cc73caf2d7545a3821d90c228ac0af
SHA256

b1987cdcbb8d76598422aa1739a246ed6690dc1b211f950fcbf2f040491ed7a8
SHA512

20c136b44770aa0e06259687656675a3e14310ea4e8ba214726b216bc1bcad6026267bf0132cbca642c0b5c49293386d0a1bd93ba40e1c33b648ae70416e8898
SSDEEP

6144:ZP+kgc+kVWlEvC9Z5D49Em7kLjB6oAYxjYgDbwxesB+xSK1IA3y25tHwDwv22iGe:ZPfclEvC2im4LjB6oAYxjYgDbwAVSK16

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4176	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Boostrapper\Web.UI.View\locales\af.pak
1⤵
- Modifies registry class
PID:212

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact