16b59cfd0f86552b25e0770506862077c4e0aa872a68c8e8dd05f6d9bc7b92be | Triage

Analysis

max time kernel
4s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
11-11-2020 11:21

Sharing

Report Analysis Logs

General

Target

16b59cfd0f86552b25e0770506862077c4e0aa872a68c8e8dd05f6d9bc7b92be.exe
Size

559KB
MD5

27a5ab7667161432333d524585195df5
SHA1

00e937e04fe369760e4cc9d99bbb2e9ea8e41616
SHA256

16b59cfd0f86552b25e0770506862077c4e0aa872a68c8e8dd05f6d9bc7b92be
SHA512

70c30e951d9d437eaabf7de50cadc7dfd99d50d1b0dcfbc50b5041c32d7d50f24a3a748749289a1c3ff2bd95417aa71d45b89f74407ba62877989ec448fb6dc5

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

16b59cfd0f86552b25e0770506862077c4e0aa872a68c8e8dd05f6d9bc7b92be.exe

pid process

1668 16b59cfd0f86552b25e0770506862077c4e0aa872a68c8e8dd05f6d9bc7b92be.exe

C:\Users\Admin\AppData\Local\Temp\16b59cfd0f86552b25e0770506862077c4e0aa872a68c8e8dd05f6d9bc7b92be.exe
"C:\Users\Admin\AppData\Local\Temp\16b59cfd0f86552b25e0770506862077c4e0aa872a68c8e8dd05f6d9bc7b92be.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1668

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...