c53613b8010ff9d0ff5eecffdcb5b7738294ffd4014687d3598fff7fe906d6d2

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 11:44

Target

台大補課系統.exe
Size

1.7MB
MD5

5bc61b27b0a25aa6097ae70914f7b7f5
SHA1

a051e7c5ef569e53f820830ed98d12c39f079bc6
SHA256

c53613b8010ff9d0ff5eecffdcb5b7738294ffd4014687d3598fff7fe906d6d2
SHA512

18f440f17c86ce747cd73fbfa259585cd6bce514d3f9ae44ee321ac566ae9f4627151105b8ee0f5bfd9dcf081182b794f37b3da038fae06e0b584352beecae9f
SSDEEP

24576:3bgg/kqG4rwYim/6FWOYYdHwpfW5dnaII2w+Z43/p/cGcLbDPGO:rHkyr0m/gH7+BidnGrpNcvDPGO

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2664	台大補課系統.exe
2664	台大補課系統.exe

C:\Users\Admin\AppData\Local\Temp\台大補課系統.exe
"C:\Users\Admin\AppData\Local\Temp\台大補課系統.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2664

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact