d20cc2f82d1d63527d0cf1a7bace68902642a9674de5980342ceb56fc26aa4bf

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
14-08-2023 08:56

Target

Credit_Note.exe
Size

2.3MB
MD5

40005c6ddba07071455a6e857863f0a8
SHA1

c4d5a7a58b543e27a92f3a4593cfde91cf315fc1
SHA256

dbe4a8777f3658cef44d3f6fc42a77eda7673797f09c24cdc8338776c8dc973b
SHA512

0c674aaf032315cfa37ec3fcc88e88b6c04beda1abe68366c13a8b36059878f72c3b5440e10c93c9f70fe60595e182bc55bd1e59bc2f04c25b37af17ecf0b25f
SSDEEP

49152:jkWk5cS7a+9XYaQvZehc4mTYJ78V9gyBn4cA2bLfmP/SA8N:rajJ8Z942KQV9hp4t6LfmP/SA8

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2576	2364	Credit_Note.exe	28
PID 2364 wrote to memory of 2576	2364	Credit_Note.exe	28
PID 2364 wrote to memory of 2576	2364	Credit_Note.exe	28
PID 2364 wrote to memory of 2576	2364	Credit_Note.exe	28

C:\Users\Admin\AppData\Local\Temp\Credit_Note.exe
"C:\Users\Admin\AppData\Local\Temp\Credit_Note.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:2576

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact