c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834

Analysis

max time kernel
145s
max time network
156s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 20:38

Target

c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe
Size

297KB
MD5

6c8c6c87bab698114e85453e98144dc0
SHA1

1836a3f1680593f9d09c9fce347d95e9a3ae2831
SHA256

c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834
SHA512

ae1ff30eda12d579526171faa930a8efa2f81f526eb2aec91b7c0c8738d50e3195ab101a70fe3c25993bdfccd29e4183ee6f00938eaaac97ee5426b11bc6612e
SSDEEP

6144:elXpsGvRzeZtSBOXRibPG+X6x/gz1/YqTr0pmtAWYJ:eROWOXuG+X66ztYq0cAVJ

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\PhotoDelight.job	c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe

C:\Users\Admin\AppData\Local\Temp\c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe
"C:\Users\Admin\AppData\Local\Temp\c081819273dca03777062bd9a4e051fb9e4c61f77f142102008c8504c9a35834.exe"
1⤵
- Drops file in Windows directory
PID:2020

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2020-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/2020-55-0x0000000000390000-0x00000000003BF000-memory.dmp

Filesize
188KB

Download