0c4a667d2ee5f0fe0aa4e835dd6f00693feef4ed2b652f0ba5d59c872f260a94

Analysis

max time kernel
398s
max time network
403s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2023 00:41

Target

CLOSING UP.exe
Size

2.3MB
MD5

b0fde4f856305f4f38d1accca45f7e7f
SHA1

45c239a1f20675204988c47e5ab7f3347bd96370
SHA256

fd5b77188dba2d589addf9bd1931c71b2ff80632bc620f8d472d76827b56dc41
SHA512

b0b3715847f6dd52a54ffbe55891ea3362a252ff2db138171adf6fd69aee69227408b4b2b93ed89438df7c5844c933ea2d44122d656156c566890d821b4bab52
SSDEEP

49152:1kWk5cS7a+9XYaQaZehc4mTYJ78V9gyBn4cdfmP/SA8N:BajJRZ942KQV9hp4ifmP/SA8

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

CLOSING UP.exe

pid process

2212 CLOSING UP.exe
2212 CLOSING UP.exe
2212 CLOSING UP.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

CLOSING UP.exe

description	pid	process	target process
PID 2212 wrote to memory of 3328	2212	CLOSING UP.exe	cmd.exe
PID 2212 wrote to memory of 3328	2212	CLOSING UP.exe	cmd.exe
PID 2212 wrote to memory of 3328	2212	CLOSING UP.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\CLOSING UP.exe
"C:\Users\Admin\AppData\Local\Temp\CLOSING UP.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:3328

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact