347cf3b777026e26910576922cd1699d6aea4ebea01cc6dc92bbad936f080212

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/11/2022, 19:23

Target

347cf3b777026e26910576922cd1699d6aea4ebea01cc6dc92bbad936f080212.exe
Size

1.4MB
MD5

14337afa9552311427950a38d860dfda
SHA1

b13f575c99d042d0d381a845c596d3e7015e33fa
SHA256

347cf3b777026e26910576922cd1699d6aea4ebea01cc6dc92bbad936f080212
SHA512

47fc491fe5748fc4d01576585e18475ffa15c998725bf53fba32b183677583e7cb9a94e6364a9cd7204ac66656cd64ecffff152660fcbb793b186963124dbffc
SSDEEP

24576:VCXucTIuQHaqPbAy9Hxq4/kor3itlZgkLAagNyRC/vl:VCTIDa/SRT//Sa41gNyR6d

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1492	347cf3b777026e26910576922cd1699d6aea4ebea01cc6dc92bbad936f080212.exe
1492	347cf3b777026e26910576922cd1699d6aea4ebea01cc6dc92bbad936f080212.exe

C:\Users\Admin\AppData\Local\Temp\347cf3b777026e26910576922cd1699d6aea4ebea01cc6dc92bbad936f080212.exe
"C:\Users\Admin\AppData\Local\Temp\347cf3b777026e26910576922cd1699d6aea4ebea01cc6dc92bbad936f080212.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1492

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1492-54-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download
memory/1492-55-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download
memory/1492-56-0x0000000000240000-0x00000000002DD000-memory.dmp

Filesize
628KB

Download
memory/1492-57-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download