d8fcb7bed42cbc5955233a9793e2054b4a1a61fe89e0f01004a7a2e6e44a6de4

Analysis

max time kernel
45s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
14-10-2022 19:15

Target

d8fcb7bed42cbc5955233a9793e2054b4a1a61fe89e0f01004a7a2e6e44a6de4.exe
Size

464KB
MD5

1b8afbafabe54474614c3e488bbafbcb
SHA1

92c323bb1c2a186e0bc1d85e117fbff644cd42af
SHA256

d8fcb7bed42cbc5955233a9793e2054b4a1a61fe89e0f01004a7a2e6e44a6de4
SHA512

168f835644f3cf72de468379c7bced98569c9dbfaeeb24e1b1d28bcd1a41e76e4304a50c45fcb3f70b474af557ed417ad4cbbadb2cb022d482196af335a50fc9
SSDEEP

3072:2D4auBGM87xjSIzRAEdDn10yn72I12ot:2D4auBGM8bDGyn72O2

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1500	d8fcb7bed42cbc5955233a9793e2054b4a1a61fe89e0f01004a7a2e6e44a6de4.exe

C:\Users\Admin\AppData\Local\Temp\d8fcb7bed42cbc5955233a9793e2054b4a1a61fe89e0f01004a7a2e6e44a6de4.exe
"C:\Users\Admin\AppData\Local\Temp\d8fcb7bed42cbc5955233a9793e2054b4a1a61fe89e0f01004a7a2e6e44a6de4.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1500

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1500-54-0x0000000075D71000-0x0000000075D73000-memory.dmp

Filesize
8KB

Download