498e1a7d867df07ffa85a9f56e34faf43988b54cc84107e4696a9039fdb8c059

Analysis

max time kernel
93s
max time network
143s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
04/03/2025, 19:41

Target

discord-image-logger-release/src/components/startup.py
Size

1KB
MD5

d17d405ca05de43451c90ed876382851
SHA1

5d79d59b7c7d84da78b16c3b11ccc329a85974c6
SHA256

e93db849ec64a2c100f7d07bb1267edb96177b4097573796213fe19623b85e57
SHA512

7e2f8325cae28528d84fe1967ded6375d8b581d99a93d5b2dbae8f7a7af03c60cadacd21bd0d29771ccb0dc438e5aac30321f251db44124ab841f267a0ff887b

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3524754987-2550789650-2995585052-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3524754987-2550789650-2995585052-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
972	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\discord-image-logger-release\src\components\startup.py
1⤵
- Modifies registry class
PID:1880

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact