cedbe431903bf01f333cae867335d349ac840072887931cda3be70aca2624816

Analysis

max time kernel
150s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2023, 19:46

Target

cedbe431903bf01f333cae867335d349ac840072887931cda3be70aca2624816.exe
Size

2.4MB
MD5

c4ef3846e5f777c485d7a497000024e4
SHA1

3df8abeadab6ed933165ff2581d5f784f443b926
SHA256

cedbe431903bf01f333cae867335d349ac840072887931cda3be70aca2624816
SHA512

f47961bd6ed6296052e09ef03649ff7c7994c4af7ecbbc3bffc58bf8ec0b86ed797507c4ff5fcc0701e6c95dc9265a6dfcaee3cb5e1661b987ba1ddd7bb23c4d
SSDEEP

49152:qFCCNBt646JBlHgFnXA8T8KuHMBtdF6JW:qFxTWlHcwPHMBtdb

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4924	cedbe431903bf01f333cae867335d349ac840072887931cda3be70aca2624816.exe

C:\Users\Admin\AppData\Local\Temp\cedbe431903bf01f333cae867335d349ac840072887931cda3be70aca2624816.exe
"C:\Users\Admin\AppData\Local\Temp\cedbe431903bf01f333cae867335d349ac840072887931cda3be70aca2624816.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4924

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/4924-133-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/4924-134-0x0000000003CD0000-0x0000000003D0C000-memory.dmp

Filesize
240KB

Download
memory/4924-135-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/4924-136-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download