6b7fcdf4dfcab3f5970037e6e2556a08b1813bcb70cd08415c8424540e9797ea

Analysis

max time kernel
12s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 01:04

Target

1f132413bf6cc438541c0f933ca4d27d.exe
Size

48KB
MD5

1f132413bf6cc438541c0f933ca4d27d
SHA1

2b3f4d7b6065d0a6faa91199c0d9a0f391353ce7
SHA256

6b7fcdf4dfcab3f5970037e6e2556a08b1813bcb70cd08415c8424540e9797ea
SHA512

c73510c985533d972531ca86e256267b5cd8fc7db5c0339a1a6e94482b2cccb330ab98a99f5dada11223bd8120018db62e3ef677f870c1cf19dd741743afe360
SSDEEP

768:YJSHHQ6Fj2wWqWVqY/QQQVuCQCVPwH+ObWOxJ:bw0CVpQjjV7OCCJ

Score

1^/10

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

pid	Process
2212	tasklist.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4820	1f132413bf6cc438541c0f933ca4d27d.exe
4820	1f132413bf6cc438541c0f933ca4d27d.exe

C:\Users\Admin\AppData\Local\Temp\1f132413bf6cc438541c0f933ca4d27d.exe
"C:\Users\Admin\AppData\Local\Temp\1f132413bf6cc438541c0f933ca4d27d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4820
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c tasklist&&del 1f132413bf6cc438541c0f933ca4d27d.exe
  2⤵
  PID:2500

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:2212

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact