7152c2373322cc603b18e28a90b5fe7be7e285ec96d34ea39aeaf07c4112758a | Triage

Analysis

max time kernel
142s
max time network
141s
platform
windows7_x64
resource
win7v20201028
submitted
17-11-2020 12:40

Sharing

Report Analysis Logs

General

Target

8fb2b079aaa14ae4127f5f8f0172f676.exe
Size

531KB
MD5

1f441c55752a4e958b4ccfbd65250f2b
SHA1

cc747cbfcce12218b649d71df5a3a473605c53ea
SHA256

7152c2373322cc603b18e28a90b5fe7be7e285ec96d34ea39aeaf07c4112758a
SHA512

13b8c51506bc0c8d1c9ecedd184f6696fc4f59ebab1822197f22a7538546bebc936354226ba442fd73a8340de73f3d99d45183ad2eaa2663552adeaeb59964df

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

8fb2b079aaa14ae4127f5f8f0172f676.exe

pid process

1808 8fb2b079aaa14ae4127f5f8f0172f676.exe

C:\Users\Admin\AppData\Local\Temp\8fb2b079aaa14ae4127f5f8f0172f676.exe
"C:\Users\Admin\AppData\Local\Temp\8fb2b079aaa14ae4127f5f8f0172f676.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1808

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1408-0-0x000007FEF5D50000-0x000007FEF5FCA000-memory.dmp

Filesize
2.5MB

Download