879d1449f25a15813ea50b96b890c4938f43076083c3aa0dc2d21b3a42436fb3

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 18:28

Target

879d1449f25a15813ea50b96b890c4938f43076083c3aa0dc2d21b3a42436fb3.exe
Size

296KB
MD5

6577912351be536a0428fb0f876747bb
SHA1

205b17ac3fcf8014f8ab2c1cc4fc5b8e6628ec37
SHA256

879d1449f25a15813ea50b96b890c4938f43076083c3aa0dc2d21b3a42436fb3
SHA512

07581c3b0842c70bd65f32fffb0dfc69c50d7c57aa08a1532d1a2cb2df51febc2e907c16acd79de477a75e59c7fc5bedf91b5daf0cf3723aba4535b5bd912c39
SSDEEP

6144:KVpdj0rfCZDvK/RZaqKg0tBGA3dG2PQbZsMpjE:q3j0TuK/X4tFlPGjE

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\KeyLights.job	879d1449f25a15813ea50b96b890c4938f43076083c3aa0dc2d21b3a42436fb3.exe

C:\Users\Admin\AppData\Local\Temp\879d1449f25a15813ea50b96b890c4938f43076083c3aa0dc2d21b3a42436fb3.exe
"C:\Users\Admin\AppData\Local\Temp\879d1449f25a15813ea50b96b890c4938f43076083c3aa0dc2d21b3a42436fb3.exe"
1⤵
- Drops file in Windows directory
PID:1364

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1364-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1364-55-0x0000000000390000-0x00000000003BF000-memory.dmp

Filesize
188KB

Download
memory/1364-59-0x0000000000190000-0x00000000001C2000-memory.dmp

Filesize
200KB

Download
memory/1364-60-0x0000000000190000-0x00000000001C2000-memory.dmp

Filesize
200KB

Download