d64c5845a7fee27ab6942e582101c6a7c02e8df5341eaeaf6e71b7a4cb9f4e5d

Analysis

max time kernel
276s
max time network
255s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 19:34

Target

d64c5845a7fee27ab6942e582101c6a7c02e8df5341eaeaf6e71b7a4cb9f4e5d.exe
Size

1.1MB
MD5

5215daaf249f78c9b132f1563bc4248e
SHA1

a5e64d9f47c56f8aa9ad5ad5bf8f52ab66da9ec5
SHA256

d64c5845a7fee27ab6942e582101c6a7c02e8df5341eaeaf6e71b7a4cb9f4e5d
SHA512

9da26d64021173bdaf4460d6f926e8af4a9af99f0ed9721e5df90fc7b20b687bf200b58b9faa2f0d4e5cff58e847abd16714d22120a29f82c760971c096b5f2e
SSDEEP

12288:ACrnoS0SkBEkazsG2sBpAY9QxLmpl2Ofe8KFFU0H/42fG31oVekukHzIOI8AAf3k:3CA+4pAYnKFFVH/01ytYf8Amse/edoa

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

d64c5845a7fee27ab6942e582101c6a7c02e8df5341eaeaf6e71b7a4cb9f4e5d.exe

pid process

1960 d64c5845a7fee27ab6942e582101c6a7c02e8df5341eaeaf6e71b7a4cb9f4e5d.exe

pid	process
1960	d64c5845a7fee27ab6942e582101c6a7c02e8df5341eaeaf6e71b7a4cb9f4e5d.exe

C:\Users\Admin\AppData\Local\Temp\d64c5845a7fee27ab6942e582101c6a7c02e8df5341eaeaf6e71b7a4cb9f4e5d.exe
"C:\Users\Admin\AppData\Local\Temp\d64c5845a7fee27ab6942e582101c6a7c02e8df5341eaeaf6e71b7a4cb9f4e5d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1960

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact