d0c42d124e0ea54fad4ce50807a2c0ac84f5e5b4c37b085692e8fade85935260

Analysis

max time kernel
29s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 23:14

Target

d0c42d124e0ea54fad4ce50807a2c0ac84f5e5b4c37b085692e8fade85935260.exe
Size

207KB
MD5

6faaed36c6078edb7bd291e43fd6fd10
SHA1

87c70962ea077d85e600b25b4156ff15035b68d7
SHA256

d0c42d124e0ea54fad4ce50807a2c0ac84f5e5b4c37b085692e8fade85935260
SHA512

5b67509986dd8f59c935e620f88f4ea9f76aedb901d39bd320b2fa0fc01f477f687da0ae31d6eee481e41023b13f1d6bdccc139e5cf1b9c7b8cc0aac35be0340
SSDEEP

3072:995CBh5DB/POJ/XNs/le1C7WbYAC+/M+DhBSCblW9BIPo1uLYHsEswac:995ChB/WJf9UKbr/hDhN3VLYMEswac

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Bidaily Synchronize Task[973b].job	d0c42d124e0ea54fad4ce50807a2c0ac84f5e5b4c37b085692e8fade85935260.exe

C:\Users\Admin\AppData\Local\Temp\d0c42d124e0ea54fad4ce50807a2c0ac84f5e5b4c37b085692e8fade85935260.exe
"C:\Users\Admin\AppData\Local\Temp\d0c42d124e0ea54fad4ce50807a2c0ac84f5e5b4c37b085692e8fade85935260.exe"
1⤵
- Drops file in Windows directory
PID:976

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/976-54-0x0000000075A81000-0x0000000075A83000-memory.dmp

Filesize
8KB

Download
memory/976-55-0x0000000000110000-0x000000000013F000-memory.dmp

Filesize
188KB

Download
memory/976-59-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download
memory/976-60-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download