0452e3038b112d0abbb6f9197262562ad59ff65840a3b19a156e7a238873ab67

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 22:55

Target

ad11301068d865de71287907c12f74b7.exe
Size

28KB
MD5

ad11301068d865de71287907c12f74b7
SHA1

5ed942374dea05d33bbbaec81782993a5e0ede71
SHA256

0452e3038b112d0abbb6f9197262562ad59ff65840a3b19a156e7a238873ab67
SHA512

a5a6d120d1872e1eca9e83094b74cc3d784b63e8281a43cd6aea9fae3bc2fba95bd01684f4b68c0b40098a4563a4b33346af92a1ebd47c8a82c387a85820eebc
SSDEEP

192:cMVJ8i0Cxan+LKyMHknPE049xXYT85B+PAqWXdr95aE3xmgZ/QdomgDJll9P1oyQ:EpCEhxSICPAqYJ6+hDJllp15M88XGBF

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2072	ad11301068d865de71287907c12f74b7.exe

C:\Users\Admin\AppData\Local\Temp\ad11301068d865de71287907c12f74b7.exe
"C:\Users\Admin\AppData\Local\Temp\ad11301068d865de71287907c12f74b7.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2072

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact