b8308216847e9ceb2e760e2a216602ca789bacf56084de45f8e52d5e0e4868bd

Analysis

max time kernel
237s
max time network
253s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 00:19

Target

b8308216847e9ceb2e760e2a216602ca789bacf56084de45f8e52d5e0e4868bd.exe
Size

288KB
MD5

8f1d838ba4d6c7a51a962d9abfa30c60
SHA1

b942265c3c571b1dd811d2853befa5720065468f
SHA256

b8308216847e9ceb2e760e2a216602ca789bacf56084de45f8e52d5e0e4868bd
SHA512

1df5440194c5129938cf5640a9c5b2a54de3535721777ad8151e72569344f4ec23d603b3be3b3ab2e080cebf22b22e0edae5dbc8264b45e16912bf20970b8e2f
SSDEEP

3072:AU0nUhhQdiEXIOZAksTCPkix7Fe7dEN8EXgNqf5cTrWi6ei2uiTbtTmH8Fe90p0X:70JiDbYJFsE0NMCP6wJYj8t/cx

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2752	b8308216847e9ceb2e760e2a216602ca789bacf56084de45f8e52d5e0e4868bd.exe

C:\Users\Admin\AppData\Local\Temp\b8308216847e9ceb2e760e2a216602ca789bacf56084de45f8e52d5e0e4868bd.exe
"C:\Users\Admin\AppData\Local\Temp\b8308216847e9ceb2e760e2a216602ca789bacf56084de45f8e52d5e0e4868bd.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2752

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact