5859447c59da8ccf030681f8e0bcfdce10caf46532c624fa63b6e9009f840c39

Analysis

max time kernel
127s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2023 05:14

Target

Invoice No 80659.exe
Size

420KB
MD5

faab4fd3a2fe8cb413f08e09435a6163
SHA1

48635d53b9f4e46debc72bebc86b67a8e2fc5050
SHA256

5859447c59da8ccf030681f8e0bcfdce10caf46532c624fa63b6e9009f840c39
SHA512

9db97c93d006540e2c089d9e97836a506af1c24c364b80b2920d5c1a0a7e03e3165496d384fafc978db33657b9cd6fc757203c256233992c80ed10c6e5c31ffd
SSDEEP

12288:lzQkJorB46A9jmP/uhu/yMS08CkntxYRZJL:lzd2ufmP/UDMS08Ckn3uh

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 876	1360	Invoice No 80659.exe	81
PID 1360 wrote to memory of 876	1360	Invoice No 80659.exe	81
PID 1360 wrote to memory of 876	1360	Invoice No 80659.exe	81

C:\Users\Admin\AppData\Local\Temp\Invoice No 80659.exe
"C:\Users\Admin\AppData\Local\Temp\Invoice No 80659.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:876

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact