ec8dacb44c08139d0bdf5e8db387cf03ab2fb0ad29950d40d7464d0e5d4cfc6d

Analysis

max time kernel
24s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 22:33

Target

ec8dacb44c08139d0bdf5e8db387cf03ab2fb0ad29950d40d7464d0e5d4cfc6d.exe
Size

337KB
MD5

0c73977dd99449a46e1f355bfc5bcf0a
SHA1

f6bb4f951f493e38dab4eb18a823f5569cf0aa30
SHA256

ec8dacb44c08139d0bdf5e8db387cf03ab2fb0ad29950d40d7464d0e5d4cfc6d
SHA512

159ca7029f6b7912a19abaf03be2a5374b30ca2aa462cfedb0e31c58f2d854a506ed234f3ac35a1636fc64265c9d9bd658a4cd7a29952da81cc789133f56260c
SSDEEP

6144:ttfzAZpFq7Ul5vG2NMWbIsCTVc9TMDnr4RCnoZW:ttUZXNO2NMWQq9kn8RQoZW

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\ContentDealer.job	ec8dacb44c08139d0bdf5e8db387cf03ab2fb0ad29950d40d7464d0e5d4cfc6d.exe

C:\Users\Admin\AppData\Local\Temp\ec8dacb44c08139d0bdf5e8db387cf03ab2fb0ad29950d40d7464d0e5d4cfc6d.exe
"C:\Users\Admin\AppData\Local\Temp\ec8dacb44c08139d0bdf5e8db387cf03ab2fb0ad29950d40d7464d0e5d4cfc6d.exe"
1⤵
- Drops file in Windows directory
PID:1200

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1200-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1200-55-0x00000000002B0000-0x00000000002DF000-memory.dmp

Filesize
188KB

Download