4f25cafcbf73252552d651e7af8dfa423921350c2f937f24db786cff280fbd6a

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 12:48

Target

ITR-5.exe
Size

564KB
MD5

4437635f9e8a4987d4196cd1eb20e4d2
SHA1

939ffe6a6316ac3a4f863ec286ba3803b67ea606
SHA256

4f25cafcbf73252552d651e7af8dfa423921350c2f937f24db786cff280fbd6a
SHA512

16511508332a40c9defa0363d417003a1f7d0b1a0c868a1455e2a7848cc84f7bb40d1a4e6a92a0fb431fc492cb9c5989768aa35f4e240273b1ebc66f2db506ce
SSDEEP

6144:VS2DzbwJSU/tcc1S4GlA9jmHv/VCSY3hw9lMbk6u1QMS0y+lqiHTonWryFDYR:3bwJSr46A9jmP/uhu/yMS08CkntxYR

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2864	2392	ITR-5.exe	28
PID 2392 wrote to memory of 2864	2392	ITR-5.exe	28
PID 2392 wrote to memory of 2864	2392	ITR-5.exe	28
PID 2392 wrote to memory of 2864	2392	ITR-5.exe	28

C:\Users\Admin\AppData\Local\Temp\ITR-5.exe
"C:\Users\Admin\AppData\Local\Temp\ITR-5.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:2864

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact