8ae976c8b28baa222b4fd527cccbad2d1102ed21c68f9082c53835fde94c2397

Analysis

max time kernel
104s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 13:40

Target

encodings/aliases.py
Size

15KB
MD5

7961acc2151f5b444d3765837e4dc265
SHA1

65423de933b270a471a02373a0d77922a65b5851
SHA256

6fdcc49ba23a0203ae6cf28e608f8e6297d7c4d77d52e651db3cb49b9564c6d2
SHA512

b35feebcc53318befe243a65129b62a8ae33efb7944d536088dfc272181716c9c2b00d9002d555a53d4765f6c5bdf7c7361dc08a915998e46be660c46009a904
SSDEEP

384:W8qpsfOQcOOCYcWA38zGzVy8f0gVCLRqgdx924B8xCsiTWm:9qzRzGzHkshm

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3540	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\encodings\aliases.py
1⤵
- Modifies registry class
PID:5548

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact