c6ef2dc6a2c138f92a396f94d46f6db2d7b73031c8c830cd6a01eab30d2276bf

Analysis

max time kernel
120s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:16

Target

2d076d865fa054dbf1238a16ec721e66.exe
Size

78KB
MD5

2d076d865fa054dbf1238a16ec721e66
SHA1

c68f51d87e9df23c5bb0e56b66658dfaa0084c87
SHA256

c6ef2dc6a2c138f92a396f94d46f6db2d7b73031c8c830cd6a01eab30d2276bf
SHA512

a4696b784c1177cc6ca74c089dde8d284a5c783282a712bb2429dfa8ae4db0bf746b989e6ca93fcad827ca671d4d0f82e3292be6884ed34bb3fdba22db400f9a
SSDEEP

1536:mSPD/dQLYD6iUpMOmJEhX2D6KWRp0FCpSndtPUpkXKgPDgD4+yH7w7X/:mARQsxUSOmJEmDURbpIt8p2K6Db+yHcT

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2648	2d076d865fa054dbf1238a16ec721e66.exe

C:\Users\Admin\AppData\Local\Temp\2d076d865fa054dbf1238a16ec721e66.exe
"C:\Users\Admin\AppData\Local\Temp\2d076d865fa054dbf1238a16ec721e66.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2648

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact