ecf5dc4a8773c32be6da798855f5f336f51ef88fcb12ed5d673124d7aa975f16

Analysis

max time kernel
75s
max time network
121s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
31/10/2022, 00:25

Target

ecf5dc4a8773c32be6da798855f5f336f51ef88fcb12ed5d673124d7aa975f16.exe
Size

346KB
MD5

a24cda3621e234389f64fcb3ac743beb
SHA1

64b7c7c905c0e6863a4ffdceba2c7724297c2bc6
SHA256

ecf5dc4a8773c32be6da798855f5f336f51ef88fcb12ed5d673124d7aa975f16
SHA512

e405eb8b99c97f8f64774d63f5820a39b40be4280950a415a84a6f6d500e925c6e332679b02d4d06eacd3221bf8ce17b7b3af9e0f005bec1d9fd1b7361201083
SSDEEP

6144:HFahuTsCsE6eO6adX6X/72+vi2SIMj0hbo2mBG/wuZym5HCvXt9FIq:HFSuMEAXWjNvSIMj0hbuuxHCv9Iq

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\PHPEdit.job	ecf5dc4a8773c32be6da798855f5f336f51ef88fcb12ed5d673124d7aa975f16.exe

C:\Users\Admin\AppData\Local\Temp\ecf5dc4a8773c32be6da798855f5f336f51ef88fcb12ed5d673124d7aa975f16.exe
"C:\Users\Admin\AppData\Local\Temp\ecf5dc4a8773c32be6da798855f5f336f51ef88fcb12ed5d673124d7aa975f16.exe"
1⤵
- Drops file in Windows directory
PID:2000

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2000-54-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download
memory/2000-55-0x0000000000390000-0x00000000003BF000-memory.dmp

Filesize
188KB

Download