7f09797d08ebeb920830b855cf38c1f80053ab5b939a0290a24c9d844d3b1d56

Analysis

max time kernel
101s
max time network
109s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 13:04

Target

7f09797d08ebeb920830b855cf38c1f80053ab5b939a0290a24c9d844d3b1d56.exe
Size

297KB
MD5

693a10e692a19f46e35441278009e236
SHA1

95efd22fc7fe7e7ef8cb728662c9007e428458af
SHA256

7f09797d08ebeb920830b855cf38c1f80053ab5b939a0290a24c9d844d3b1d56
SHA512

85f40d80057096bdd5bbf46151d6ef02bf1e0922b1572df15ef400ce6e009a7d1763caf39b6324ffac6e97ff5dd70c6777ad33863f60fdff9d2b9f25fe91c6f5
SSDEEP

6144:aq8D7Y/L3OLARRPTGc/16NuGQDXx4gxO2TlqZPPrcaIE6c:f8QD+LMXtOuGQbSt2TsZ3AaIDc

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\HealthTech.job	7f09797d08ebeb920830b855cf38c1f80053ab5b939a0290a24c9d844d3b1d56.exe

C:\Users\Admin\AppData\Local\Temp\7f09797d08ebeb920830b855cf38c1f80053ab5b939a0290a24c9d844d3b1d56.exe
"C:\Users\Admin\AppData\Local\Temp\7f09797d08ebeb920830b855cf38c1f80053ab5b939a0290a24c9d844d3b1d56.exe"
1⤵
- Drops file in Windows directory
PID:1192

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1192-54-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download
memory/1192-55-0x0000000000390000-0x00000000003BF000-memory.dmp

Filesize
188KB

Download