a8bf1f18f506273200ccab68bb91930074d98fe42d8a1a513891bc9eb6c1249b

Analysis

max time kernel
2s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-10-2022 23:12

Target

a8bf1f18f506273200ccab68bb91930074d98fe42d8a1a513891bc9eb6c1249b.exe
Size

312KB
MD5

000b81475cc462cfc001a55e575088c0
SHA1

f777fa672bab7e75082818931b58b4573ddb03bb
SHA256

a8bf1f18f506273200ccab68bb91930074d98fe42d8a1a513891bc9eb6c1249b
SHA512

b90db19cf6eff9afa738fc658a01ff26a3d53f4debcb6532df35a9c5fade3744d197c8bd425f5f4b53cf35d58aa5781092e7adf0d5287ff806e1c48412beb225
SSDEEP

6144:OUGkHAikbtllyNiggiFCNQAIy1iPSEpFxaqHwRqpqGppk:OUG9leiliFCNXIwi5AqHwR5Gw

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1448	a8bf1f18f506273200ccab68bb91930074d98fe42d8a1a513891bc9eb6c1249b.exe
1448	a8bf1f18f506273200ccab68bb91930074d98fe42d8a1a513891bc9eb6c1249b.exe

C:\Users\Admin\AppData\Local\Temp\a8bf1f18f506273200ccab68bb91930074d98fe42d8a1a513891bc9eb6c1249b.exe
"C:\Users\Admin\AppData\Local\Temp\a8bf1f18f506273200ccab68bb91930074d98fe42d8a1a513891bc9eb6c1249b.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1448

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1448-54-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download