94af8c0fcc09b3bc83648ae70945883a3ec74c600cce10d30b217e7c19429d92

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 14:14

Target

94af8c0fcc09b3bc83648ae70945883a3ec74c600cce10d30b217e7c19429d92.exe
Size

286KB
MD5

aed64f548640fbd302cdb5e8c054f467
SHA1

d3aef06b148dd7e0169e9ddcdc8ad28d55e0c150
SHA256

94af8c0fcc09b3bc83648ae70945883a3ec74c600cce10d30b217e7c19429d92
SHA512

09b4eeb409c5fade2a9624214fa93b6261b22682dc49e1e50f1b31090442e59e780c75765fafb3e5a7435225dd3df59b81948473d85977d50577c5c8dc0cb907
SSDEEP

6144:59NZEiDNgyNlXSSveqQVT1ilg1/hvK66b:59NZEiDNgkbvtei+1/066b

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\CallBlockerPro.job	94af8c0fcc09b3bc83648ae70945883a3ec74c600cce10d30b217e7c19429d92.exe

C:\Users\Admin\AppData\Local\Temp\94af8c0fcc09b3bc83648ae70945883a3ec74c600cce10d30b217e7c19429d92.exe
"C:\Users\Admin\AppData\Local\Temp\94af8c0fcc09b3bc83648ae70945883a3ec74c600cce10d30b217e7c19429d92.exe"
1⤵
- Drops file in Windows directory
PID:1288

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1288-54-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download
memory/1288-55-0x00000000000F0000-0x000000000011F000-memory.dmp

Filesize
188KB

Download
memory/1288-59-0x0000000000291000-0x00000000002B2000-memory.dmp

Filesize
132KB

Download