965616976ed28bffd24f8316ba6bad5d6008dc511c757643f038bc6c57c37e2b

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 21:44

Target

VisualISO.exe
Size

564KB
MD5

2246d1b3a790fe9e83140be0af0832a4
SHA1

2ee99ce70802f22306de80115529a2e0d49f5cfb
SHA256

9e5380042b2de563155ff173ed0ad14bc41744760190ad76b204d637e9276c2b
SHA512

e7d3450bd67a16dfe38a881fa91ec010322ca2aff2d7806e09fb15ec7faac2747c4d48a56f1f0aafaa8266e26056d56aa42d523dba56a317d5a9bafa435bb505
SSDEEP

6144:M5rF2vS/LbHmrWKdcLd55ligBvof2MapKND50f5wOjQ79pni0BKWIOUtm:erkazbHmrWKdWrligQ+MY4DSDU79Ud

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3036	VisualISO.exe
3036	VisualISO.exe

C:\Users\Admin\AppData\Local\Temp\VisualISO.exe
"C:\Users\Admin\AppData\Local\Temp\VisualISO.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3036

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact