682f6caf63fd6e5bd13d8775e81a0f7e8a219b008e0840742d0b77b47f80e3a5

Analysis

max time kernel
3s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 14:24

Target

254b2689b075095ffa49da2f115f736b.exe
Size

296KB
MD5

254b2689b075095ffa49da2f115f736b
SHA1

0c76aab3f9be0f1440c95f7a2f563407e29b91ee
SHA256

682f6caf63fd6e5bd13d8775e81a0f7e8a219b008e0840742d0b77b47f80e3a5
SHA512

fa71920465ed06a2c3c27d3403bad2d8aced19810eac62a7e8ea704242d06053fdf0fe146c4434dda9b45730634b0dba07a6922e97bfd39a92cb696012cdc650
SSDEEP

6144:wkFD1y0FXrKnvmb7/D26OJYPsMiqDJlJNwHG60Ja20EBb4jHX3QA/hwNGhWhThP1:wyD1y0F7Knvmb7/D265DJlJNwHG6sTbX

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2060	254b2689b075095ffa49da2f115f736b.exe

C:\Users\Admin\AppData\Local\Temp\254b2689b075095ffa49da2f115f736b.exe
"C:\Users\Admin\AppData\Local\Temp\254b2689b075095ffa49da2f115f736b.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2060
- C:\Users\Admin\veacoev.exe
  "C:\Users\Admin\veacoev.exe"
  2⤵
  PID:1880

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\veacoev.exe

Filesize
32KB

MD5
7b8803179e9a7a366ad5f2247760e9a3

SHA1
0bcfa292576d59f8c8ba1ebbebf5be95fe44ba8d

SHA256
8d549eb13582d64d5069a6f0057df98c9a6e7323f3e78af771c5087aa48c1178

SHA512
dd07510fb459bb6ea86e407b67a48817c0d6e2edd3f813d264a16784021a16d1189cbaf8b7f0774b95716ac3c6fcb0ff47c64e8d79f5343c5ada1356c7439475

Download Submit