dc4071c74c1fbd0a82a50398d9c47f19950ff0d8304e9d4fc9da83100dcbfb8a

Analysis

max time kernel
36s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 18:22

Target

dc4071c74c1fbd0a82a50398d9c47f19950ff0d8304e9d4fc9da83100dcbfb8a.exe
Size

346KB
MD5

60ad065ad2abc6909dc3d61e360e5b17
SHA1

ba9e5a7733a6ae705a3acfef6b22b0324f24352e
SHA256

dc4071c74c1fbd0a82a50398d9c47f19950ff0d8304e9d4fc9da83100dcbfb8a
SHA512

b2c167c0f867afdeae016d293ba5316202f84781a906fddff718c0dcb059b3971c1df9fb967c5fb2f2583729ba8f5a4be6d80963eeb66beeb88daa4444adfc59
SSDEEP

6144:wa5I9qPqJACQstEQBOFYBHL19fwXLCzbNDWmbZRUERIUN7Ts:wa5TPqJt19fwY023j7Ts

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\IconCreations.job	dc4071c74c1fbd0a82a50398d9c47f19950ff0d8304e9d4fc9da83100dcbfb8a.exe

C:\Users\Admin\AppData\Local\Temp\dc4071c74c1fbd0a82a50398d9c47f19950ff0d8304e9d4fc9da83100dcbfb8a.exe
"C:\Users\Admin\AppData\Local\Temp\dc4071c74c1fbd0a82a50398d9c47f19950ff0d8304e9d4fc9da83100dcbfb8a.exe"
1⤵
- Drops file in Windows directory
PID:1508

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1508-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/1508-55-0x00000000003A0000-0x00000000003CF000-memory.dmp

Filesize
188KB

Download