66b74b95ceb63aed3742d8e42e7d93734daf8e965e25308dec712377f9617fd1

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 07:10

Target

新建文件夹/setup3.exe
Size

3.9MB
MD5

ab582ff6a74e9f976111ce730d640ad5
SHA1

be287e5018ded2f913e9c9060a18eefe0fa200d1
SHA256

8cbd16eb6ad744f0463991aff04bbbb8ce7e51635dd68025788e9e63ca79d62b
SHA512

6e0dfdbbcd86fc591f8a84d52f393b4a0e54d11893487b4564a586e0a824666e823ad43efe35d80d287904e9493bd8c0c058aaaca60fb670339bb0780db7245a
SSDEEP

98304:yUoSKgN0kcE5pK8jf6IVLBKSIZSXh99YeT:yTAN0Oz7SHZWT

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2432	setup3.exe
2432	setup3.exe

C:\Users\Admin\AppData\Local\Temp\新建文件夹\setup3.exe
"C:\Users\Admin\AppData\Local\Temp\新建文件夹\setup3.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2432

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact