b851d54c8c962c94e1f308b36810de354227e3ac7225f0c65f2ce96a7536f14c

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 20:38

Target

b851d54c8c962c94e1f308b36810de354227e3ac7225f0c65f2ce96a7536f14c.exe
Size

314KB
MD5

6e57f168600ca0aa863dad5f4488bb88
SHA1

322d82d3733cda7fb07876c198b8bb89848c1a6f
SHA256

b851d54c8c962c94e1f308b36810de354227e3ac7225f0c65f2ce96a7536f14c
SHA512

0482a140729e0ef15b544ef4a8dc158b7cefdc859458e0a2ed8286ea3a9c5ed49e6df951173d17d0a6426665e46c512dab8779f64c404625d3e2149dfb2aae02
SSDEEP

6144:O/lRhI1CzRBMQV+IHz4nnNC50g0FXD/u:ORIwBMFd9gQXD/u

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\TaxiHub.job	b851d54c8c962c94e1f308b36810de354227e3ac7225f0c65f2ce96a7536f14c.exe

C:\Users\Admin\AppData\Local\Temp\b851d54c8c962c94e1f308b36810de354227e3ac7225f0c65f2ce96a7536f14c.exe
"C:\Users\Admin\AppData\Local\Temp\b851d54c8c962c94e1f308b36810de354227e3ac7225f0c65f2ce96a7536f14c.exe"
1⤵
- Drops file in Windows directory
PID:1044

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1044-54-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download
memory/1044-55-0x00000000001D0000-0x00000000001FF000-memory.dmp

Filesize
188KB

Download