9dab6775890cec31194c3c7d2e0b2e6454806d2f9e5762f501e0cd1c1da8cafa

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 12:07

Target

Inv No 46281.exe
Size

2.6MB
MD5

9c55c5482f2599282613a9677dc9010c
SHA1

441e9706756e28d2112f60e1a5fe3c0ed4368a8c
SHA256

c8bc425f3201c25f61942597a5bd5f7ca2410a9c04811ae0180cb047d7701f43
SHA512

07c8da517ad919df750a1c1a13007583be76e8f113960e76f6c1b984b63710ea0ebf3966ce06aef19575fe0a7008bbe2bd802578f8ceb1b6b92b1cc03dd3f19a
SSDEEP

49152:zbYHwQf1ukWk5cS7a+9XYaQtZehc4mTYJ78V9gyBn4cgfmP/SA8N9bYHwQf1:zbnajJ2Z942KQV9hp4BfmP/SA8nb

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

Inv No 46281.exe

pid process

3412 Inv No 46281.exe
3412 Inv No 46281.exe
3412 Inv No 46281.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Inv No 46281.exe

description	pid	process	target process
PID 3412 wrote to memory of 1800	3412	Inv No 46281.exe	cmd.exe
PID 3412 wrote to memory of 1800	3412	Inv No 46281.exe	cmd.exe
PID 3412 wrote to memory of 1800	3412	Inv No 46281.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\Inv No 46281.exe
"C:\Users\Admin\AppData\Local\Temp\Inv No 46281.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:1800

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact