1b712a2dad7eae617d7b13d6629feed98ee3095994fa3988b95b002e794d9d3d

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 09:53

Target

79eddfd565bfa9c48f97aaf67fb6477e.exe
Size

560KB
MD5

79eddfd565bfa9c48f97aaf67fb6477e
SHA1

82b669c58e22b2179aad78e9b74b7193678b82db
SHA256

1b712a2dad7eae617d7b13d6629feed98ee3095994fa3988b95b002e794d9d3d
SHA512

f38f52755336f0a8fe9410be322d76a843d713d5bc01d17a04d7bb7f93636781ac3ef4d0d22551bce1ab65baac4f9b993d1ade3770f852bafe6b872dd3a14a31
SSDEEP

12288:M55TFuJL2k/jkAtBjT7CBR8Q7Vsm+vd2fNXLOD5v6:QFuJL2kLkC9/m+CVsbvd2lLO

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2264	79eddfd565bfa9c48f97aaf67fb6477e.exe

C:\Users\Admin\AppData\Local\Temp\79eddfd565bfa9c48f97aaf67fb6477e.exe
"C:\Users\Admin\AppData\Local\Temp\79eddfd565bfa9c48f97aaf67fb6477e.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2264

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact