Analysis

  • max time kernel
    30s
  • max time network
    31s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/03/2025, 18:05

General

  • Target

    stub.wim

  • Size

    23KB

  • MD5

    ca9e55c46ef083cc7d041ca0e73cf40b

  • SHA1

    61bc48a6b6d5dc6686ab55dff330bdaf2c7d3dfb

  • SHA256

    ff8f3124fc3990644d9f509b33e109992d081ccbfac24cba880680f58587a6ff

  • SHA512

    e772ae58c00af74d6f3e47e22f969e52a46da9aecc16ad5bf5315cea1979ab0d110bb95baa8d6e650bec60c9d7e2a70373b9d5178b2b311a6e5946ee9e157a36

  • SSDEEP

    384:K3MLWHn3kIeoLF4+BlpFD4+CTJVr91CzEbLLe6Ym:On3kIhe+7pN4+6Vr9iEbfe6Ym

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\stub.wim
    1⤵
    • Modifies registry class
    PID:4268
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads