f19ceea3afb352380601e0817706c393c9e2b5d25def1bdf40c4568bdadd4b83

Analysis

max time kernel
37s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 22:33

Target

f19ceea3afb352380601e0817706c393c9e2b5d25def1bdf40c4568bdadd4b83.exe
Size

307KB
MD5

07aa639cdce2464c39624105f389b137
SHA1

51d3c9fac836e16636fda54bba39ef6ce3479149
SHA256

f19ceea3afb352380601e0817706c393c9e2b5d25def1bdf40c4568bdadd4b83
SHA512

6ef3b2091f1966198035a2597eee96956dbc9312f5febe10d622afda8bafaa67a6676dc37630aaad7c84a59459400aef96bc082d62999f8d9d330ed6eb176808
SSDEEP

6144:OFFFWKaD7i5JC1E2Icq7WMoTYMIHRwbQMuBAC:OFD//FnWMo3Mn9uC

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\FileReserve.job	f19ceea3afb352380601e0817706c393c9e2b5d25def1bdf40c4568bdadd4b83.exe

C:\Users\Admin\AppData\Local\Temp\f19ceea3afb352380601e0817706c393c9e2b5d25def1bdf40c4568bdadd4b83.exe
"C:\Users\Admin\AppData\Local\Temp\f19ceea3afb352380601e0817706c393c9e2b5d25def1bdf40c4568bdadd4b83.exe"
1⤵
- Drops file in Windows directory
PID:2016

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2016-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download
memory/2016-55-0x00000000002A0000-0x00000000002CF000-memory.dmp

Filesize
188KB

Download