8cf63c500f55ab0fdcb2ed1c354d509503d297ef214ec59a60fe428e711dc80b

Analysis

max time kernel
367s
max time network
420s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 00:12

Target

8cf63c500f55ab0fdcb2ed1c354d509503d297ef214ec59a60fe428e711dc80b.exe
Size

224KB
MD5

f7cd3ca68868c76ebf437c68cd0de372
SHA1

0dba920c38ab9d2b4806de08d6e01cadc30e3203
SHA256

8cf63c500f55ab0fdcb2ed1c354d509503d297ef214ec59a60fe428e711dc80b
SHA512

e2bf2d3ac19054e823900aedb3cd9139fae08f4a1560b7dd11ec0429372e0d7a6fcc14605cb084fab1338e66f4029ac1abfea93218cbf3e9814c85106dd388d0
SSDEEP

3072:hiY27aWbqDImDrT+UvtkvnNBLieMyiayNe2XKrJlZm7lD:hFSuImDrT+U1QtMyiaO6Y

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4988	8cf63c500f55ab0fdcb2ed1c354d509503d297ef214ec59a60fe428e711dc80b.exe

C:\Users\Admin\AppData\Local\Temp\8cf63c500f55ab0fdcb2ed1c354d509503d297ef214ec59a60fe428e711dc80b.exe
"C:\Users\Admin\AppData\Local\Temp\8cf63c500f55ab0fdcb2ed1c354d509503d297ef214ec59a60fe428e711dc80b.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4988

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact