38722a87d325ac2cb910a75302b5f2c227985efcedb22b48dfb0f1f548fbd9b5

Analysis

max time kernel
152s
max time network
161s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 13:10

Target

38722a87d325ac2cb910a75302b5f2c227985efcedb22b48dfb0f1f548fbd9b5.exe
Size

295KB
MD5

72036c43ccbd75c0ee2a28183dcef708
SHA1

f5d33042be8e197ee84a357bed514de1dc74f073
SHA256

38722a87d325ac2cb910a75302b5f2c227985efcedb22b48dfb0f1f548fbd9b5
SHA512

050b5334393d83ddc8a33ed9f87e6a4291b5bb7030c068bb53f83f5744ef29214e02e3a31b01ee96e3a18c0bbad13201fc9130122b5551cf063582a4cdd310af
SSDEEP

6144:H1OoX/qXnCWpNtPt0Fb4bSGH/aG5e7S1c+:HQoaN1tC8HCEc+

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\ExtraWalk.job	38722a87d325ac2cb910a75302b5f2c227985efcedb22b48dfb0f1f548fbd9b5.exe

C:\Users\Admin\AppData\Local\Temp\38722a87d325ac2cb910a75302b5f2c227985efcedb22b48dfb0f1f548fbd9b5.exe
"C:\Users\Admin\AppData\Local\Temp\38722a87d325ac2cb910a75302b5f2c227985efcedb22b48dfb0f1f548fbd9b5.exe"
1⤵
- Drops file in Windows directory
PID:2036

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2036-54-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download
memory/2036-55-0x00000000001C0000-0x00000000001EF000-memory.dmp

Filesize
188KB

Download
memory/2036-59-0x0000000000160000-0x0000000000192000-memory.dmp

Filesize
200KB

Download