f646d1901a7f6c7d9abb558373309fa0067ca4080533b9530a72928ac362f1df

Analysis

max time kernel
311s
max time network
385s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 17:23

Target

f646d1901a7f6c7d9abb558373309fa0067ca4080533b9530a72928ac362f1df.exe
Size

256KB
MD5

0d4cdf5cf99a75ac6d6393afc770e050
SHA1

de9983f3caec9e298ca3d0c699aee80b93e19aa2
SHA256

f646d1901a7f6c7d9abb558373309fa0067ca4080533b9530a72928ac362f1df
SHA512

bfd8dbfff49b2f8b91a6aa61ce11d1b3476a0de7d0adc4bdfea07a6abefb5c8ab5d7e64c8437511f386279c39ce2d2c5573b94f2bcf1ae44a76bfd73d0fdee62
SSDEEP

6144:ev7avoNymi+7eeyz2P9NnnnFCpImnTZygoHlKnvmb7/D26UBnmbLBXSG:eGvoNymi+7eOP9anTZygoHlKnvmb7/Dr

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1724	f646d1901a7f6c7d9abb558373309fa0067ca4080533b9530a72928ac362f1df.exe

C:\Users\Admin\AppData\Local\Temp\f646d1901a7f6c7d9abb558373309fa0067ca4080533b9530a72928ac362f1df.exe
"C:\Users\Admin\AppData\Local\Temp\f646d1901a7f6c7d9abb558373309fa0067ca4080533b9530a72928ac362f1df.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1724

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact