e984065d28993ba9c96ca85358a69a24a24b2b28f990b7b4d0393e823341fae5

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 13:31

Target

e984065d28993ba9c96ca85358a69a24a24b2b28f990b7b4d0393e823341fae5.exe
Size

188KB
MD5

6c3433111e3c944acca83a3b48a82c70
SHA1

ecb43df15bd1c27b302cace40e8d18af8bb1bac4
SHA256

e984065d28993ba9c96ca85358a69a24a24b2b28f990b7b4d0393e823341fae5
SHA512

6652a55cf2560cfab11a6ec4833660120ab3b5f7b3eda8a962d51eac62044fb67f7f0ab9b11fa97a7b229324f7ded5eac30e2447ef597203c97e4483c65070a4
SSDEEP

3072:XwxtCrB38L7N3+1a7jLlbRJlkv/d9XtHSRefSFXjxHlOkTsts11MOs:XwxY9+EaX5bRM/FKeatjt3mV

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\PocketMSDS.job	e984065d28993ba9c96ca85358a69a24a24b2b28f990b7b4d0393e823341fae5.exe

C:\Users\Admin\AppData\Local\Temp\e984065d28993ba9c96ca85358a69a24a24b2b28f990b7b4d0393e823341fae5.exe
"C:\Users\Admin\AppData\Local\Temp\e984065d28993ba9c96ca85358a69a24a24b2b28f990b7b4d0393e823341fae5.exe"
1⤵
- Drops file in Windows directory
PID:2024

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2024-54-0x00000000766D1000-0x00000000766D3000-memory.dmp

Filesize
8KB

Download
memory/2024-55-0x00000000001C0000-0x00000000001EF000-memory.dmp

Filesize
188KB

Download
memory/2024-59-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download
memory/2024-60-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download