8acf825f1593c8e3bf6810aa9d47cbf8c9624de318c2c61b74a8ed0532f85abc

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 15:40

Target

0422de23b93917dd76cbe3b61367db94.exe
Size

78KB
MD5

0422de23b93917dd76cbe3b61367db94
SHA1

9329df8f349937c2b40d4fb05ca5474de13902c1
SHA256

8acf825f1593c8e3bf6810aa9d47cbf8c9624de318c2c61b74a8ed0532f85abc
SHA512

250de28adc748d8c10240a4e6df51b35f0653bf1dc099b23286e929b5e433cc3fefbd9bb209b3cea0a6e4a0b1cf04aa2337890207c2f3f77a0e186f888c4fe5d
SSDEEP

1536:mSPD/dQLYD6iUpMUmJE6VwZBBEfsG0ewV4xBAIuZsnjV9+Qap9H8S3:mARQsxUSUmJrVwZBysT3ixqZsn5/anHr

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2132	0422de23b93917dd76cbe3b61367db94.exe

C:\Users\Admin\AppData\Local\Temp\0422de23b93917dd76cbe3b61367db94.exe
"C:\Users\Admin\AppData\Local\Temp\0422de23b93917dd76cbe3b61367db94.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2132

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact