40ffc7419a574d339b14fd460eabed973ef4bcee5d696e005ab446057ff33031

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 13:29

Target

40ffc7419a574d339b14fd460eabed973ef4bcee5d696e005ab446057ff33031.exe
Size

189KB
MD5

05b7130954c456c1a1beef31044c50b0
SHA1

7480457e6e9dd5ce90b0f137f8d44b97f133767f
SHA256

40ffc7419a574d339b14fd460eabed973ef4bcee5d696e005ab446057ff33031
SHA512

e01ed286517d352941f47a6f00b0d04b4baf04007ca5d7986df71dde34cd56a32f29324fc3044804f63379ffcc85f61f367464dffed7cd976388c14ad5bd4054
SSDEEP

3072:eYkFgtg6ibj+W5uKZLe4HmkEBwmKPaOtQIRy2sUWuGe:bkFgm6ibSW5FZnHmzumsmIEMwe

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\PDFToDocs.job	40ffc7419a574d339b14fd460eabed973ef4bcee5d696e005ab446057ff33031.exe

C:\Users\Admin\AppData\Local\Temp\40ffc7419a574d339b14fd460eabed973ef4bcee5d696e005ab446057ff33031.exe
"C:\Users\Admin\AppData\Local\Temp\40ffc7419a574d339b14fd460eabed973ef4bcee5d696e005ab446057ff33031.exe"
1⤵
- Drops file in Windows directory
PID:1492

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1492-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1492-55-0x0000000000170000-0x000000000019F000-memory.dmp

Filesize
188KB

Download
memory/1492-59-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download
memory/1492-60-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download