1812fe508c81ecfdf08b6f3f6962f9ebbf683c7b39d60fbeca5a0663ff196cce | Triage

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220414-en
submitted
08-06-2022 18:36

Sharing

Report Analysis Logs

General

Target

1812fe508c81ecfdf08b6f3f6962f9ebbf683c7b39d60fbeca5a0663ff196cce.exe
Size

323KB
MD5

28ed4ff60872b6508a99b4757d30bea5
SHA1

b1dc8d74c51409560a13bc57212a45bd5ae7f0b3
SHA256

1812fe508c81ecfdf08b6f3f6962f9ebbf683c7b39d60fbeca5a0663ff196cce
SHA512

5a6fb3b7fbc55b8e9e68a8c9cc3932e6503d781fffb06da6ccb4e6a686aae9e7a0803f7cf88f09492c34f23e199a7c2cdb25c1b25e09ac0db192c2cdc32b1779

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops file in Windows directory 1 IoCs

Processes:

1812fe508c81ecfdf08b6f3f6962f9ebbf683c7b39d60fbeca5a0663ff196cce.exe

description ioc process

File opened for modification C:\Windows\o 1812fe508c81ecfdf08b6f3f6962f9ebbf683c7b39d60fbeca5a0663ff196cce.exe

C:\Users\Admin\AppData\Local\Temp\1812fe508c81ecfdf08b6f3f6962f9ebbf683c7b39d60fbeca5a0663ff196cce.exe
"C:\Users\Admin\AppData\Local\Temp\1812fe508c81ecfdf08b6f3f6962f9ebbf683c7b39d60fbeca5a0663ff196cce.exe"
1⤵
- Drops file in Windows directory
PID:2036

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-54-0x0000000075521000-0x0000000075523000-memory.dmp

Filesize
8KB

Download
memory/2036-55-0x0000000002A40000-0x0000000002A90000-memory.dmp

Filesize
320KB

Download
memory/2036-56-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2036-58-0x0000000002A40000-0x0000000002A90000-memory.dmp

Filesize
320KB

Download