10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 05:11

Target

10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
Size

6.2MB
MD5

a039fd8be15bd97d58b3459248473ec6
SHA1

954da96c04fe544e54fdab4f806aa364cca67bed
SHA256

10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d
SHA512

11ec20172798490cf33b7daa0dc09798d1789a478842f980a3739322c1abb2930fe83dedb9a4f975f631e2af53b6d651de33e9792cdfe73a5fd98113ebc1ebcd
SSDEEP

98304:x+GbHIaSiMJ4ccMovzzKxpkLk/vcyFLOAkGkzdnEVomFHKnP:xPdlPMqzzcpyk/vcyFLOyomFHKnP

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe
1936	10ab89a842ba9ce839f46075a8c7bdd22d9b2f03961cf03ca5367beb4c28e54d.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\Cyberpunk2077.ini

Filesize
21B

MD5
3a1bedbbb79615bcc4ff5c1429286011

SHA1
3158e88d7a1785f672e704df13961fcd2c4aec92

SHA256
1d046afbdc30c6e624fb6f22fd47f267623c4ccd79f9d1d360970831607105fd

SHA512
a6dbc0986730a4f8b30ad2ea8256107c6f3831a9b7364040e847372eb4900529db42dbbecd8865270d906e469bf2c20109a74612ffbb0bd388607606b57153a8

Download Submit