701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53

Analysis

max time kernel
89s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2023 07:22

Target

701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe
Size

1.5MB
MD5

40e70af2f17b458e75b7891355557b88
SHA1

c04d8eb0eb01465c9e48c0dbf9ee359b29792b36
SHA256

701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53
SHA512

fb78fd6fe68bc726f9d976572ac03f3f91542aaa5e24af1ba1516d26515c8c4083b6f8b3116fc4ffb0488c6d8c4779748fe843d68f88d7c9dffe468dc19d620c
SSDEEP

24576:CgMRXundFh8AY4YiKYXfY3BaVKuhe427WMNGbeemac94y/bprGp95pcQo:iROb7v4YXmm1kJvemx9nrGp95pw

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe

pid	process
4196	701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe
4196	701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe
4196	701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe
4196	701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe

C:\Users\Admin\AppData\Local\Temp\701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe
"C:\Users\Admin\AppData\Local\Temp\701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4196

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact