3783feeec694127f6761c7e547753124705e4cf58d7f894203a63793fc812bd2

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
12/10/2022, 17:43

Target

3783feeec694127f6761c7e547753124705e4cf58d7f894203a63793fc812bd2.exe
Size

132KB
MD5

6b51eac03c934b2c86ec7f589da61fe4
SHA1

2aa0dde31f81082159fbeccdc3b1c0825846d933
SHA256

3783feeec694127f6761c7e547753124705e4cf58d7f894203a63793fc812bd2
SHA512

24564aa4e98e44a077bea7dd6ae348fd168a3dd3b52bf5986ac4bd40c3d0e22a6c842cedce3459ef4a5ec1d64fdefa7f8e98db54c8c944489385af13d23c0380
SSDEEP

3072:d9dpykUu00O0Xn3P+AG3v3/nc3GH2FnkfCgJKq6c7G2B9q:3doTRfCpahzq

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1712	3783feeec694127f6761c7e547753124705e4cf58d7f894203a63793fc812bd2.exe
1712	3783feeec694127f6761c7e547753124705e4cf58d7f894203a63793fc812bd2.exe

C:\Users\Admin\AppData\Local\Temp\3783feeec694127f6761c7e547753124705e4cf58d7f894203a63793fc812bd2.exe
"C:\Users\Admin\AppData\Local\Temp\3783feeec694127f6761c7e547753124705e4cf58d7f894203a63793fc812bd2.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1712

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1712-57-0x00000000765B1000-0x00000000765B3000-memory.dmp

Filesize
8KB

Download