438e44aae94e8376d2e36e23212920e936b7517bca24eaf66e9d7d014e21552c

Analysis

max time kernel
34s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
02/03/2025, 06:40

Target

7000.64
Size

710KB
MD5

d80e1546a194e42f049b1a15287aa4d6
SHA1

980f2d902a250cd3298e2acf45bfbc31044cd8f5
SHA256

7bce4673ac5b7db9bd5d27076c770925c181745b784f806024413a3b5552eebf
SHA512

24501f6bb75078ebdb51999ed32ec1cea6ad57fe27dd48e12066de65dacf8570d0f875c79b9734f844f60042ad8c806d8293f9a92ee15d59fd9b68a50eec8a49
SSDEEP

12288:ZIlddxPHCo90S9LTXIXs5im4MkQbSJDTdx4Is//O1ScnBM:ZI/dLTXIXw4jQb+Tffs//gScS

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2420	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\7000.64
1⤵
- Modifies registry class
PID:3672

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact