c1435dc6d142ca92c5cc2b86aa828c53388288ee1d3ee925c1f3da9ce2fb5427

Analysis

max time kernel
142s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 15:07

Target

c1435dc6d142ca92c5cc2b86aa828c53388288ee1d3ee925c1f3da9ce2fb5427.exe
Size

1.9MB
MD5

7c2a57039e60f838a5b4837c211bbe65
SHA1

fa279ef13fae0e5e7ed32a4bc81f823d5aec22a6
SHA256

c1435dc6d142ca92c5cc2b86aa828c53388288ee1d3ee925c1f3da9ce2fb5427
SHA512

2dbbdf9dbe350bdc0b7478f5e3aeb36a9d6e9f42c03ff34e3db7d79937c5089df50149e1ef956b47ff2404e90d3e5f538f0eab9f055728825a195a025d987bdd
SSDEEP

49152:b23PvKSwHj4JguSdV5sVWxy3WZzrnyKmIBV81hrnJN4wh8:iHKbHESdV5sVWxwWlbyKmOG

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4224	c1435dc6d142ca92c5cc2b86aa828c53388288ee1d3ee925c1f3da9ce2fb5427.exe
4224	c1435dc6d142ca92c5cc2b86aa828c53388288ee1d3ee925c1f3da9ce2fb5427.exe

C:\Users\Admin\AppData\Local\Temp\c1435dc6d142ca92c5cc2b86aa828c53388288ee1d3ee925c1f3da9ce2fb5427.exe
"C:\Users\Admin\AppData\Local\Temp\c1435dc6d142ca92c5cc2b86aa828c53388288ee1d3ee925c1f3da9ce2fb5427.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4224

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact