5d884af9bd07c8b1b3d546a248e8448f750f1f8ea308bdd6cf95e051375e8273

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16/10/2022, 19:39

Target

5d884af9bd07c8b1b3d546a248e8448f750f1f8ea308bdd6cf95e051375e8273.exe
Size

5.6MB
MD5

2dea31426118093d7a71a1fb37993ca3
SHA1

d565032f020b73d3f970ce96921a934d74902f76
SHA256

5d884af9bd07c8b1b3d546a248e8448f750f1f8ea308bdd6cf95e051375e8273
SHA512

90e27e040df4afeb375914867aa05da330331e46d3e89e7f58fa8c46d0aad2b94e202d266a3b7de8c978d950e015fb655b701aa56c2fb4b1b7d83aed35f36fed
SSDEEP

98304:p4MRQn0y+U2AqXPdE86+lRdplbe+0HFzwGhdqeOuA/Z9/wE:p/e0y+U2Aq/e89jdpl69wkTsb/

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1688	5d884af9bd07c8b1b3d546a248e8448f750f1f8ea308bdd6cf95e051375e8273.exe

C:\Users\Admin\AppData\Local\Temp\5d884af9bd07c8b1b3d546a248e8448f750f1f8ea308bdd6cf95e051375e8273.exe
"C:\Users\Admin\AppData\Local\Temp\5d884af9bd07c8b1b3d546a248e8448f750f1f8ea308bdd6cf95e051375e8273.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1688

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1688-54-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download