3ddb4c1c78b3a023c5d61b5c9f628e5239a24f84800acdbf8c22980e6012bdee

Analysis

max time kernel
61s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2023 19:03

Target

3ddb4c1c78b3a023c5d61b5c9f628e5239a24f84800acdbf8c22980e6012bdee.exe
Size

841KB
MD5

edad58cc455876406af91231c0435d10
SHA1

0bbfda69a385aa6709fd1e54aa87279f439955da
SHA256

3ddb4c1c78b3a023c5d61b5c9f628e5239a24f84800acdbf8c22980e6012bdee
SHA512

c222cde294c79c7083cb006454cc5d52ea6863e45eb11258f391495756d657e5692dee6ed5e894e7f27999be0460042bb8b2db6630e73f3d773573108d62dba7
SSDEEP

12288:bctDEtOfN/PBEnAjGFIae5INM+NvHXlar++batPyY8HG+ZjPkb4qDa3:kDE6pmnAjGFPeU5xePbAy9Hxq4t3

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4512	3ddb4c1c78b3a023c5d61b5c9f628e5239a24f84800acdbf8c22980e6012bdee.exe
4512	3ddb4c1c78b3a023c5d61b5c9f628e5239a24f84800acdbf8c22980e6012bdee.exe
4512	3ddb4c1c78b3a023c5d61b5c9f628e5239a24f84800acdbf8c22980e6012bdee.exe
4512	3ddb4c1c78b3a023c5d61b5c9f628e5239a24f84800acdbf8c22980e6012bdee.exe

C:\Users\Admin\AppData\Local\Temp\3ddb4c1c78b3a023c5d61b5c9f628e5239a24f84800acdbf8c22980e6012bdee.exe
"C:\Users\Admin\AppData\Local\Temp\3ddb4c1c78b3a023c5d61b5c9f628e5239a24f84800acdbf8c22980e6012bdee.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4512

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact