574a56e5a78a92eb1923a36e1a88d12853b7befa5bb993b0fe514116b2f3f4e4

Analysis

max time kernel
45s
max time network
151s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
24-07-2022 23:42

Target

574a56e5a78a92eb1923a36e1a88d12853b7befa5bb993b0fe514116b2f3f4e4.exe
Size

296KB
MD5

3b631a3c34fbd7e1a670dd0730cf5fff
SHA1

8a01aece067896f3a23dd3fe7f9fb2cc3ba7b969
SHA256

574a56e5a78a92eb1923a36e1a88d12853b7befa5bb993b0fe514116b2f3f4e4
SHA512

6f589ddf8d7d7ac657cc3ea4c423356d8afb91a932432c2b889233a4e15d499b547958d10c9b767e9d4f4061d0072f10608f2d758effe93738318e850f44945a

Score

10^/10

suricata: ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole
suricata: ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole
suricata
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops file in Windows directory 1 IoCs

Processes:

574a56e5a78a92eb1923a36e1a88d12853b7befa5bb993b0fe514116b2f3f4e4.exe

description ioc process

File created C:\Windows\Tasks\FileReserve.job 574a56e5a78a92eb1923a36e1a88d12853b7befa5bb993b0fe514116b2f3f4e4.exe

description	ioc	process
File created	C:\Windows\Tasks\FileReserve.job	574a56e5a78a92eb1923a36e1a88d12853b7befa5bb993b0fe514116b2f3f4e4.exe

C:\Users\Admin\AppData\Local\Temp\574a56e5a78a92eb1923a36e1a88d12853b7befa5bb993b0fe514116b2f3f4e4.exe
"C:\Users\Admin\AppData\Local\Temp\574a56e5a78a92eb1923a36e1a88d12853b7befa5bb993b0fe514116b2f3f4e4.exe"
1⤵
- Drops file in Windows directory
PID:1648

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1648-54-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download
memory/1648-55-0x00000000001B0000-0x00000000001DF000-memory.dmp

Filesize
188KB

Download