Analysis
- max time kernel: 30s
- max time network: 31s
- platform: windows10-2004_x64
- resource: win10v2004-20250314-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/03/2025, 18:05
Behavioral task: behavioral1
- Sample: stub.wim
- Resource: win7-20241010-en
- 5 signatures
- 30 seconds

Behavioral task: behavioral2
- Sample: stub.wim
- Resource: win10v2004-20250314-en
- 3 signatures
- 30 seconds
General
- Target: stub.wim
- Size: 23KB
- MD5: ca9e55c46ef083cc7d041ca0e73cf40b
- SHA1: 61bc48a6b6d5dc6686ab55dff330bdaf2c7d3dfb
- SHA256: ff8f3124fc3990644d9f509b33e109992d081ccbfac24cba880680f58587a6ff
- SHA512: e772ae58c00af74d6f3e47e22f969e52a46da9aecc16ad5bf5315cea1979ab0d110bb95baa8d6e650bec60c9d7e2a70373b9d5178b2b311a6e5946ee9e157a36
- SSDEEP: 384:K3MLWHn3kIeoLF4+BlpFD4+CTJVr91CzEbLLe6Ym:On3kIhe+7pN4+6Vr9iEbfe6Ym
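Before blocking, sharing or further analysing a local copy of stub.wim, confirm it is the file this report describes. The helper below is an added example, not part of the report or of the sandbox's own tooling: it streams the file once through all four digest algorithms listed above and reports which of them match. The REPORTED table holds the digests from the General block; the function names are the example's own. SSDEEP is left out because the standard library has no fuzzy-hash implementation.

```python
import hashlib
import sys

# Digests copied from the report's General block for stub.wim.
REPORTED = {
    "md5": "ca9e55c46ef083cc7d041ca0e73cf40b",
    "sha1": "61bc48a6b6d5dc6686ab55dff330bdaf2c7d3dfb",
    "sha256": "ff8f3124fc3990644d9f509b33e109992d081ccbfac24cba880680f58587a6ff",
    "sha512": "e772ae58c00af74d6f3e47e22f969e52a46da9aecc16ad5bf5315cea1979ab0d"
              "110bb95baa8d6e650bec60c9d7e2a70373b9d5178b2b311a6e5946ee9e157a36",
}


def _fresh_hashers() -> dict:
    # One hasher per algorithm the report lists, so the data is read only once.
    return {name: hashlib.new(name) for name in REPORTED}


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory blob, keyed by algorithm name."""
    hashers = _fresh_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Same result as digest_bytes, but streamed so large samples need not fit in memory."""
    hashers = _fresh_hashers()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict = REPORTED) -> dict:
    """Per-algorithm match flags; hex case is ignored because reports differ in it."""
    return {name: actual[name].lower() == expected[name].lower() for name in expected}


def verify_sample(path) -> bool:
    """True only when every listed digest matches; a single mismatch rejects the file."""
    return all(compare(digest_file(path)).values())


if __name__ == "__main__":
    # Usage: python verify_stub.py <path-to-stub.wim>
    results = compare(digest_file(sys.argv[1]))
    for name, ok in results.items():
        print(f"{name:6s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(results.values()) else 1)
```

A mismatch on any one algorithm means the local file is not the analysed sample, whatever the other digests say; do not treat a matching MD5 alone as confirmation.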
Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings | OpenWith.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid | Process
  2640 | OpenWith.exe

Note that the processes behind the registry and SetWindowsHookEx hits are cmd.exe and OpenWith.exe, the Windows "Open with" file-association dialog that appears when a file extension has no registered handler. A .wim image is not directly executable, so these two signatures describe how the Windows shell handled the file, not behaviour of code inside stub.wim; none of the three signatures attributes activity to the sample itself.