5bf024b7b37d281951059476a5c207cbc061471e84c2a5bc3cbf3795c2b88808

Analysis

max time kernel
33s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 08:50

Target

5bf024b7b37d281951059476a5c207cbc061471e84c2a5bc3cbf3795c2b88808.exe
Size

216KB
MD5

052f795fa63558d633ecf2a5f63b4110
SHA1

d18d40a332edee8e9a53125af006fb97ee9ae2ef
SHA256

5bf024b7b37d281951059476a5c207cbc061471e84c2a5bc3cbf3795c2b88808
SHA512

fd802292ed371436a61c3a56907c895d0fed4263cc6fcebb080feb4f8e1dbd81930f82e311d4a3744b9a4ed6b2f3bf2c847e1044597ce16fd4502a931998f653
SSDEEP

3072:oxtvR6eJobccrLtMIMaGMPQFQrVXFT6FR030/CvtibJEzxvaC3xYmj6AY:ozUDbFSnQrVoWvkbcxV9jvY

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\SmartEssentials.job	5bf024b7b37d281951059476a5c207cbc061471e84c2a5bc3cbf3795c2b88808.exe

C:\Users\Admin\AppData\Local\Temp\5bf024b7b37d281951059476a5c207cbc061471e84c2a5bc3cbf3795c2b88808.exe
"C:\Users\Admin\AppData\Local\Temp\5bf024b7b37d281951059476a5c207cbc061471e84c2a5bc3cbf3795c2b88808.exe"
1⤵
- Drops file in Windows directory
PID:1480

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1480-54-0x0000000076831000-0x0000000076833000-memory.dmp

Filesize
8KB

Download
memory/1480-55-0x0000000000190000-0x00000000001BF000-memory.dmp

Filesize
188KB

Download