e0dc84ba0825edc9e3f0bd29f5a71c684e06c3317b97d2b28b65cc4b9733256d

Analysis

max time kernel
128s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29/05/2023, 06:39

Target

e0dc84ba0825edc9e3f0bd29f5a71c684e06c3317b97d2b28b65cc4b9733256d.exe
Size

601KB
MD5

a181fd97f07cda2a10203b7ba2822dff
SHA1

7fe34fb1d05ff8d66b2104dad9dba7d472342901
SHA256

e0dc84ba0825edc9e3f0bd29f5a71c684e06c3317b97d2b28b65cc4b9733256d
SHA512

9d20e3c62b9d256b7c81e521981e92b4b9d2f185aaa210f231eec9a217fcb0d6e49b3d5fd16ad6c68a85635d5cdd00fefd15adda200409716040aa2b46364781
SSDEEP

12288:3t6zTgq23yDK8vnU4FH1E6mrKrClBdCkUcHBXWAVy/EhbJ40fKG:yTS3yDK8vnfFH66mrKrClBhUcH49Ehbf

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
884	e0dc84ba0825edc9e3f0bd29f5a71c684e06c3317b97d2b28b65cc4b9733256d.exe

C:\Users\Admin\AppData\Local\Temp\e0dc84ba0825edc9e3f0bd29f5a71c684e06c3317b97d2b28b65cc4b9733256d.exe
"C:\Users\Admin\AppData\Local\Temp\e0dc84ba0825edc9e3f0bd29f5a71c684e06c3317b97d2b28b65cc4b9733256d.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:884

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact