c3407859c07a2fd4338b64cf9ee943ca87e183c11398e1c809429d957fdf4d9e

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 23:35

Target

c3407859c07a2fd4338b64cf9ee943ca87e183c11398e1c809429d957fdf4d9e.exe
Size

188KB
MD5

67923ae771b74a0e830c08cd33700e30
SHA1

8317c53a0698f310c05c8427175f2facdb59653c
SHA256

c3407859c07a2fd4338b64cf9ee943ca87e183c11398e1c809429d957fdf4d9e
SHA512

ee73f51080b5fd246d079dffb7f131b4c2d5325b4303b12feeda257a4602180de98094f0f1b9b99282bc7b46516860fcdd0684c986bf8cf2b869e044dc9414ec
SSDEEP

3072:0Gl4zDWxDJUpXFRjaMyh9IPLiaM5rp4KjzjJJ8j3MAGPBj/IQIRS2su+Imm/b6:Nl2+SfRW9IPGaSZjzF83iBjdIA2bmyb6

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\DearClear.job	c3407859c07a2fd4338b64cf9ee943ca87e183c11398e1c809429d957fdf4d9e.exe

C:\Users\Admin\AppData\Local\Temp\c3407859c07a2fd4338b64cf9ee943ca87e183c11398e1c809429d957fdf4d9e.exe
"C:\Users\Admin\AppData\Local\Temp\c3407859c07a2fd4338b64cf9ee943ca87e183c11398e1c809429d957fdf4d9e.exe"
1⤵
- Drops file in Windows directory
PID:604

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/604-54-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download
memory/604-55-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download
memory/604-56-0x00000000003C0000-0x00000000003EF000-memory.dmp

Filesize
188KB

Download
memory/604-60-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download
memory/604-61-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download