d37bb47c377773ba21b83d60679fdd3746016286b48f5ffcb3f3a2c5fdd7da7a

Analysis

max time kernel
11s
max time network
60s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 13:13

Target

d37bb47c377773ba21b83d60679fdd3746016286b48f5ffcb3f3a2c5fdd7da7a.exe
Size

261KB
MD5

bddafae623964a1d1e091c9be4767df0
SHA1

330afc496307a453605dad50655aa96553313ddd
SHA256

d37bb47c377773ba21b83d60679fdd3746016286b48f5ffcb3f3a2c5fdd7da7a
SHA512

ec7da1ba8988b8a762529979ef0a53ede918894146cebcedf338f98857070774003fbe996002322bd96019a7ab223a26dff954d84e5d998b202ad84580b96124
SSDEEP

6144:eCvQ5o99o0Qc91Wn/e9Lb6DFSxEY0tPB69aIWntY3n:eCvQqEW9wFDXIWntY3n

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\FileSupport.job	d37bb47c377773ba21b83d60679fdd3746016286b48f5ffcb3f3a2c5fdd7da7a.exe

C:\Users\Admin\AppData\Local\Temp\d37bb47c377773ba21b83d60679fdd3746016286b48f5ffcb3f3a2c5fdd7da7a.exe
"C:\Users\Admin\AppData\Local\Temp\d37bb47c377773ba21b83d60679fdd3746016286b48f5ffcb3f3a2c5fdd7da7a.exe"
1⤵
- Drops file in Windows directory
PID:1588

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1588-54-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download
memory/1588-55-0x0000000000600000-0x000000000062F000-memory.dmp

Filesize
188KB

Download
memory/1588-59-0x0000000000630000-0x0000000000657000-memory.dmp

Filesize
156KB

Download