c8bc425f3201c25f61942597a5bd5f7ca2410a9c04811ae0180cb047d7701f43

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 15:01

Target

vykyfqfk.bin.exe
Size

2.6MB
MD5

9c55c5482f2599282613a9677dc9010c
SHA1

441e9706756e28d2112f60e1a5fe3c0ed4368a8c
SHA256

c8bc425f3201c25f61942597a5bd5f7ca2410a9c04811ae0180cb047d7701f43
SHA512

07c8da517ad919df750a1c1a13007583be76e8f113960e76f6c1b984b63710ea0ebf3966ce06aef19575fe0a7008bbe2bd802578f8ceb1b6b92b1cc03dd3f19a
SSDEEP

49152:zbYHwQf1ukWk5cS7a+9XYaQtZehc4mTYJ78V9gyBn4cgfmP/SA8N9bYHwQf1:zbnajJ2Z942KQV9hp4BfmP/SA8nb

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 5064	2104	vykyfqfk.bin.exe	86
PID 2104 wrote to memory of 5064	2104	vykyfqfk.bin.exe	86
PID 2104 wrote to memory of 5064	2104	vykyfqfk.bin.exe	86

C:\Users\Admin\AppData\Local\Temp\vykyfqfk.bin.exe
"C:\Users\Admin\AppData\Local\Temp\vykyfqfk.bin.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:5064

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact