1a09143326986400c932c6db1269646701857067eca8c2e04d057d13757bea09

Analysis

max time kernel
48s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 14:06

Target

1a09143326986400c932c6db1269646701857067eca8c2e04d057d13757bea09.exe
Size

286KB
MD5

6077d32004ceb2cf6904f7811aa33cd9
SHA1

9a0b16814578d96478a5d5ff19d35b57a5e418c0
SHA256

1a09143326986400c932c6db1269646701857067eca8c2e04d057d13757bea09
SHA512

8d9e257250bc78454438baaee76e503810b88c187e5d62c7565cddec62346e613b3cfd439f6a4477a8e3e68e0b16d7dc96409dd78087077fac4cce9e96f4689a
SSDEEP

3072:femaTXdHet0kTa3Iy3haaTWMeF4qHxI/cyS7j9F/JwbvdXIxXMV5f5CSMhOp+1IM:mh5HeI3j3YSeF1RuNIFAdYx8ZMkpoITo

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\FrequencyCheck.job	1a09143326986400c932c6db1269646701857067eca8c2e04d057d13757bea09.exe

C:\Users\Admin\AppData\Local\Temp\1a09143326986400c932c6db1269646701857067eca8c2e04d057d13757bea09.exe
"C:\Users\Admin\AppData\Local\Temp\1a09143326986400c932c6db1269646701857067eca8c2e04d057d13757bea09.exe"
1⤵
- Drops file in Windows directory
PID:1288

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1288-54-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download
memory/1288-55-0x0000000000580000-0x00000000005AF000-memory.dmp

Filesize
188KB

Download
memory/1288-59-0x0000000001151000-0x0000000001172000-memory.dmp

Filesize
132KB

Download