c58a8ecd1ba97383fd13567bd9b63d259e9c9bfa65202614d955ab6d6633586f

Analysis

max time kernel
33s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 05:25

Target

c58a8ecd1ba97383fd13567bd9b63d259e9c9bfa65202614d955ab6d6633586f.exe
Size

1.1MB
MD5

a0c740180677bd6657d16ce118e56482
SHA1

e8101ac0d276585a9b1bf1fa76e808be9a491d97
SHA256

c58a8ecd1ba97383fd13567bd9b63d259e9c9bfa65202614d955ab6d6633586f
SHA512

a6b894498db514bf47417f15cea88f5b0e0075ae36d01d29b1103f095f3c546d98a3feb89c1b094807768f96733d4e70432e4e9aab2b53a58c5d9d6ca9a1dde3
SSDEEP

3072:sZcKcutbq8qRmwtV6fq8XpwqWYwBBCvGsC50:wcKcuZqRXr6fX+qEPCJC50

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1644	c58a8ecd1ba97383fd13567bd9b63d259e9c9bfa65202614d955ab6d6633586f.exe

C:\Users\Admin\AppData\Local\Temp\c58a8ecd1ba97383fd13567bd9b63d259e9c9bfa65202614d955ab6d6633586f.exe
"C:\Users\Admin\AppData\Local\Temp\c58a8ecd1ba97383fd13567bd9b63d259e9c9bfa65202614d955ab6d6633586f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1644

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1644-56-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download