5eae7bf770def9e7fcc76874aa24b559f8a6290fdceec404e1fbd2f62a5e7472

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2022 19:00

Target

5eae7bf770def9e7fcc76874aa24b559f8a6290fdceec404e1fbd2f62a5e7472.exe
Size

132KB
MD5

013484308031e7b55dce2d7bba61c945
SHA1

a2bbc551422295137549795655272641f234f23d
SHA256

5eae7bf770def9e7fcc76874aa24b559f8a6290fdceec404e1fbd2f62a5e7472
SHA512

d8be5747afec14d5875c9ec02286dde23163c4f2235c597e8923ddf3e97e837b913fd7d4b41aa65076d5b95f49aeed922ea84e7984c4c2504376e2d00096b730
SSDEEP

3072:rCo9dpy7MlbYJl2Xm3P+AG3v3/nm3GH8ZrzdiycM7G2B9F:O0dortiycqhzF

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2200	5eae7bf770def9e7fcc76874aa24b559f8a6290fdceec404e1fbd2f62a5e7472.exe
2200	5eae7bf770def9e7fcc76874aa24b559f8a6290fdceec404e1fbd2f62a5e7472.exe

C:\Users\Admin\AppData\Local\Temp\5eae7bf770def9e7fcc76874aa24b559f8a6290fdceec404e1fbd2f62a5e7472.exe
"C:\Users\Admin\AppData\Local\Temp\5eae7bf770def9e7fcc76874aa24b559f8a6290fdceec404e1fbd2f62a5e7472.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2200

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact