3db7ba66c27a22407fed4bff8b22fb92985b742d9d6964fb996d6c6e3c834c05

Analysis

max time kernel
48s
max time network
53s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 13:33

Target

3db7ba66c27a22407fed4bff8b22fb92985b742d9d6964fb996d6c6e3c834c05.exe
Size

284KB
MD5

2099017ade3ffb3733f13c04c9539860
SHA1

98132f53216c1c7456a70200f7b86fe8bd7da155
SHA256

3db7ba66c27a22407fed4bff8b22fb92985b742d9d6964fb996d6c6e3c834c05
SHA512

9123ad768f011bcd2ed580939d3e7521017e6f4373f410edab98cf5f2a076ed06a87f38a32002b9141500e5d02901cdc05b8f64f46c9c718f2a17a489b3c159b
SSDEEP

3072:2RvtND91sPC9J50NxSpoY4Kx9gKDBioqHkCPj1fF12DFHLEVvlCUgi:2ptZ19JESpo+x9g4oqWf/GdqvQ1i

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\WeatherTones.job	3db7ba66c27a22407fed4bff8b22fb92985b742d9d6964fb996d6c6e3c834c05.exe

C:\Users\Admin\AppData\Local\Temp\3db7ba66c27a22407fed4bff8b22fb92985b742d9d6964fb996d6c6e3c834c05.exe
"C:\Users\Admin\AppData\Local\Temp\3db7ba66c27a22407fed4bff8b22fb92985b742d9d6964fb996d6c6e3c834c05.exe"
1⤵
- Drops file in Windows directory
PID:584

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/584-54-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/584-55-0x0000000000150000-0x000000000017F000-memory.dmp

Filesize
188KB

Download
memory/584-59-0x0000000000111000-0x0000000000132000-memory.dmp

Filesize
132KB

Download
memory/584-60-0x0000000000111000-0x0000000000132000-memory.dmp

Filesize
132KB

Download