b77734c4393264ea5ec4c29fb2d2e5b9f9c7fb7b61badaa141a2d21c0238a155

Analysis

max time kernel
36s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 20:46

Target

b77734c4393264ea5ec4c29fb2d2e5b9f9c7fb7b61badaa141a2d21c0238a155.exe
Size

346KB
MD5

681a29fb19642bab1772f010e934b4fe
SHA1

8d30d70f9086acd6e84ef9a6a620f919e936f4bc
SHA256

b77734c4393264ea5ec4c29fb2d2e5b9f9c7fb7b61badaa141a2d21c0238a155
SHA512

a18131de856de06f51ef6f5f21c2e6eb110fd40084537d1fe2f40c52a802a9e47befe03c5664ff0fc70ac73290652fedfab9690880c58bc97789e9faf600de8a
SSDEEP

6144:KvHPZ/CpHg3PYp7KQQkYgeQe4K4U+XWVEWr1mf/x:K3ZJUPQk/eQeP5MqW/x

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\DoctorDocs.job	b77734c4393264ea5ec4c29fb2d2e5b9f9c7fb7b61badaa141a2d21c0238a155.exe

C:\Users\Admin\AppData\Local\Temp\b77734c4393264ea5ec4c29fb2d2e5b9f9c7fb7b61badaa141a2d21c0238a155.exe
"C:\Users\Admin\AppData\Local\Temp\b77734c4393264ea5ec4c29fb2d2e5b9f9c7fb7b61badaa141a2d21c0238a155.exe"
1⤵
- Drops file in Windows directory
PID:976

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/976-54-0x0000000075A81000-0x0000000075A83000-memory.dmp

Filesize
8KB

Download
memory/976-55-0x0000000000240000-0x000000000026F000-memory.dmp

Filesize
188KB

Download