bfcc2917e52d5146b26850df0356a25af0b30b683aec08c265824c2eae4867df

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 22:38

Target

c1c8a989b1835396f57dbe6457aa3c89.exe
Size

6.0MB
MD5

c1c8a989b1835396f57dbe6457aa3c89
SHA1

d8124e7f7e993786abaf84a3dfd8f6699da1c326
SHA256

bfcc2917e52d5146b26850df0356a25af0b30b683aec08c265824c2eae4867df
SHA512

d9fbcd46d21430289e6869b2756e94990c291a483627d21852bfd54a6ec549f10202060a39dcd3a4f761034aaaddba6fb6c127a501f663a53f7e9068f196b3cf
SSDEEP

98304:/zeoDRJ/WoD1rHRk4srTRPnpRXQKaoVASgT4eB:be0Jv6TBvpRXxt+SeB

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 228 set thread context of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4920	c1c8a989b1835396f57dbe6457aa3c89.exe
4920	c1c8a989b1835396f57dbe6457aa3c89.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4920	c1c8a989b1835396f57dbe6457aa3c89.exe
4920	c1c8a989b1835396f57dbe6457aa3c89.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90
PID 228 wrote to memory of 4920	228	c1c8a989b1835396f57dbe6457aa3c89.exe	90

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/228-0-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/228-4-0x0000000000400000-0x00000000009D0000-memory.dmp

Filesize
5.8MB

Download
memory/4920-1-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/4920-2-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/4920-3-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/4920-5-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/4920-6-0x0000000000DB0000-0x0000000000DB1000-memory.dmp

Filesize
4KB

Download
memory/4920-7-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/4920-8-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/4920-9-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/4920-10-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/4920-11-0x0000000000DB0000-0x0000000000DB1000-memory.dmp

Filesize
4KB

Download