c8bc425f3201c25f61942597a5bd5f7ca2410a9c04811ae0180cb047d7701f43

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 15:01

Target

vykyfqfk.bin.exe
Size

2.6MB
MD5

9c55c5482f2599282613a9677dc9010c
SHA1

441e9706756e28d2112f60e1a5fe3c0ed4368a8c
SHA256

c8bc425f3201c25f61942597a5bd5f7ca2410a9c04811ae0180cb047d7701f43
SHA512

07c8da517ad919df750a1c1a13007583be76e8f113960e76f6c1b984b63710ea0ebf3966ce06aef19575fe0a7008bbe2bd802578f8ceb1b6b92b1cc03dd3f19a
SSDEEP

49152:zbYHwQf1ukWk5cS7a+9XYaQtZehc4mTYJ78V9gyBn4cgfmP/SA8N9bYHwQf1:zbnajJ2Z942KQV9hp4BfmP/SA8nb

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

vykyfqfk.bin.exe

pid process

2040 vykyfqfk.bin.exe
2040 vykyfqfk.bin.exe
2040 vykyfqfk.bin.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

vykyfqfk.bin.exe

description	pid	process	target process
PID 2040 wrote to memory of 2600	2040	vykyfqfk.bin.exe	cmd.exe
PID 2040 wrote to memory of 2600	2040	vykyfqfk.bin.exe	cmd.exe
PID 2040 wrote to memory of 2600	2040	vykyfqfk.bin.exe	cmd.exe
PID 2040 wrote to memory of 2600	2040	vykyfqfk.bin.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\vykyfqfk.bin.exe
"C:\Users\Admin\AppData\Local\Temp\vykyfqfk.bin.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:2600

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact