Overview

overview

6

Static

static

2d3fc3a0b5...cf.exe

windows7_x64

6

2d3fc3a0b5...cf.exe

windows10-2004_x64

6

Analysis

  • max time kernel
    91s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    14-06-2022 20:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d3fc3a0b53212141b61f7f22019a50ec13db741669cb0851218dbd9b166a4cf.exe

  • Size

    216KB

  • MD5

    4509ca8c6c44a2b9825dfe3936dcd9e3

  • SHA1

    97e35fa85d8ac5cb291ae1b1e0c07729ac324d06

  • SHA256

    2d3fc3a0b53212141b61f7f22019a50ec13db741669cb0851218dbd9b166a4cf

  • SHA512

    8a34354817de80d6c6f804e088af4d5f6fc2d86a194bbe35e203aeb2c446f3997efd117e33ad05b5ad50c6b0a2d7cc8263ded8be8a5430d731b9e6e6630eaf7e

Score
6/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d3fc3a0b53212141b61f7f22019a50ec13db741669cb0851218dbd9b166a4cf.exe
    "C:\Users\Admin\AppData\Local\Temp\2d3fc3a0b53212141b61f7f22019a50ec13db741669cb0851218dbd9b166a4cf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4748

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4748-130-0x00000000009F0000-0x00000000009F8000-memory.dmp
    Filesize

    32KB

    Download
  • memory/4748-131-0x0000000000400000-0x0000000000453000-memory.dmp
    Filesize

    332KB

    Download
  • memory/4748-134-0x00000000009F0000-0x00000000009F8000-memory.dmp
    Filesize

    32KB

    Download