57530e16da693cfc49fe4e5ea7163d536d94436bc44e36c57e94f560f029e04e

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
24-07-2022 23:26

Target

57530e16da693cfc49fe4e5ea7163d536d94436bc44e36c57e94f560f029e04e.exe
Size

205KB
MD5

7f82b3965c3e3f8663b3eb0038af04bb
SHA1

98c8f2b74bdba03547c0c69eb8e2a97b2490ac38
SHA256

57530e16da693cfc49fe4e5ea7163d536d94436bc44e36c57e94f560f029e04e
SHA512

d47f10dac33c891f279c09b9c88c15a42520c0e39602aa401cae4abdf69bd5769f176e355a630fd29e85d73d1900813213cc819af3a4b8e442c2feed5d3d60d1

Score

10^/10

suricata: ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole
suricata: ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole
suricata
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops file in Windows directory 1 IoCs

Processes:

57530e16da693cfc49fe4e5ea7163d536d94436bc44e36c57e94f560f029e04e.exe

description ioc process

File created C:\Windows\Tasks\TravelOrganizer.job 57530e16da693cfc49fe4e5ea7163d536d94436bc44e36c57e94f560f029e04e.exe

description	ioc	process
File created	C:\Windows\Tasks\TravelOrganizer.job	57530e16da693cfc49fe4e5ea7163d536d94436bc44e36c57e94f560f029e04e.exe

C:\Users\Admin\AppData\Local\Temp\57530e16da693cfc49fe4e5ea7163d536d94436bc44e36c57e94f560f029e04e.exe
"C:\Users\Admin\AppData\Local\Temp\57530e16da693cfc49fe4e5ea7163d536d94436bc44e36c57e94f560f029e04e.exe"
1⤵
- Drops file in Windows directory
PID:1124

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1124-54-0x0000000075871000-0x0000000075873000-memory.dmp

Filesize
8KB

Download
memory/1124-55-0x0000000000190000-0x00000000001BF000-memory.dmp

Filesize
188KB

Download
memory/1124-59-0x0000000000A01000-0x0000000000A22000-memory.dmp

Filesize
132KB

Download