74d8b072bf70c53740218aa59b9afdbd456a585106d2e24d454e3849bf86cd39

Analysis

max time kernel
25s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 18:24

Target

74d8b072bf70c53740218aa59b9afdbd456a585106d2e24d454e3849bf86cd39.exe
Size

20KB
MD5

07584b8486d3e40421b1159ccb2a8d60
SHA1

27eb05e4174f7d050c63adf7c2be68c09c15a311
SHA256

74d8b072bf70c53740218aa59b9afdbd456a585106d2e24d454e3849bf86cd39
SHA512

8cc3d942207521c95b34ce15b809f00b5ad8bfe8d14b2f3ad52a94f8699b08676031663cef72bf552e8d6c772c5de528b590e453067fc7a03babc8dd7f189809
SSDEEP

96:MWJK9hfS5xJQ6xKIQFzy1Kp8YnoMkMOD5xoOyPVJG9zyJTd6x1b:MmKPf36xK9e1KpBnoMkMKjUgzyJi

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1072	74d8b072bf70c53740218aa59b9afdbd456a585106d2e24d454e3849bf86cd39.exe

C:\Users\Admin\AppData\Local\Temp\74d8b072bf70c53740218aa59b9afdbd456a585106d2e24d454e3849bf86cd39.exe
"C:\Users\Admin\AppData\Local\Temp\74d8b072bf70c53740218aa59b9afdbd456a585106d2e24d454e3849bf86cd39.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1072

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1072-56-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/1072-57-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download