5a5143b0306e7bd7a1f632b5a9f3dec7b5f6fca49043cd6815a10d406b002af1

Analysis

max time kernel
142s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 21:19

Target

5a5143b0306e7bd7a1f632b5a9f3dec7b5f6fca49043cd6815a10d406b002af1.exe
Size

2.6MB
MD5

a1e3c5dd9048df7b7914f2ab39072560
SHA1

728f90dcec532aa5b03190ff16decc87a56b8aa0
SHA256

5a5143b0306e7bd7a1f632b5a9f3dec7b5f6fca49043cd6815a10d406b002af1
SHA512

2cae592d863ca9f4273ca3f90d65b7b77d8d2221ee312be0e8f2259bc658d11bf715a5037edf237bae851993a0fb45aa69fd8abeeaf3c9406ee3e90d5b3fc63c
SSDEEP

49152:HsaOGQrJ5QD4fdeYhTDtWHOXsmJrxQrx:xHQU4fdImJdQd

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3592	5a5143b0306e7bd7a1f632b5a9f3dec7b5f6fca49043cd6815a10d406b002af1.exe

C:\Users\Admin\AppData\Local\Temp\5a5143b0306e7bd7a1f632b5a9f3dec7b5f6fca49043cd6815a10d406b002af1.exe
"C:\Users\Admin\AppData\Local\Temp\5a5143b0306e7bd7a1f632b5a9f3dec7b5f6fca49043cd6815a10d406b002af1.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3592

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact