92e0a657eea7ea9cec738b85db8843f89c280f93cd80398399eab5e39e4d324a

Analysis

max time kernel
281s
max time network
342s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 23:41

Target

92e0a657eea7ea9cec738b85db8843f89c280f93cd80398399eab5e39e4d324a.exe
Size

256KB
MD5

e5a0810cf73f784af4e153f514e6bf90
SHA1

c94755ddafdd9dc71e7138903baaa1c4ae796c57
SHA256

92e0a657eea7ea9cec738b85db8843f89c280f93cd80398399eab5e39e4d324a
SHA512

2ce15af919600435c4b8be18b74c40c7f2fe64fe026a94ef7e36982bb5e29d670b2d2bc227d936c371e7494b6eec68573a42d793e2a9a283b061391ee6535de6
SSDEEP

6144:FBawbQXn2J5V2aWOKojDOgbTnNkyjZjjW+:FAwbQWoOKojDOgbTNku1

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3112	92e0a657eea7ea9cec738b85db8843f89c280f93cd80398399eab5e39e4d324a.exe

C:\Users\Admin\AppData\Local\Temp\92e0a657eea7ea9cec738b85db8843f89c280f93cd80398399eab5e39e4d324a.exe
"C:\Users\Admin\AppData\Local\Temp\92e0a657eea7ea9cec738b85db8843f89c280f93cd80398399eab5e39e4d324a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3112

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact