1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5

Analysis

max time kernel
152s
max time network
174s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 20:06 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
Size

45KB
MD5

06388640371cb53c16f6e294191a4e0a
SHA1

9935b6ddc0c1eb906e89bcc5124b1269a34b028e
SHA256

1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5
SHA512

e65374eea8f57105efe611a186a1c652dcbb6fd0ee48f88ebbc0bac127a78568db52861bbdb69cdeba093851639e0b4917233feffbbc3598af6ebf9313ca5c08
SSDEEP

768:x4XJj+iTiK4+uivwNYHKrVk/StQe2iovTYi7ntItLM/NCjMxjO:x43eyINYHKrG/SamtLcNCjMxjO

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
912	1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe

C:\Users\Admin\AppData\Local\Temp\1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe
"C:\Users\Admin\AppData\Local\Temp\1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:912

Network

DNS

ghaioo3uhxgg.com

1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe

Remote address:

8.8.8.8:53

Request

ghaioo3uhxgg.com

IN A

Response
DNS

hwergkjgg3jhgj.com

1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe

Remote address:

8.8.8.8:53

Request

hwergkjgg3jhgj.com

IN A

Response

No results found

8.8.8.8:53

ghaioo3uhxgg.com

dns

1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe

62 B
135 B
1
1

DNS Request

ghaioo3uhxgg.com
8.8.8.8:53

hwergkjgg3jhgj.com

dns

1932bbd1b5bcea1b4b595c03761ac3ce7c1660c4f37ffcbbe4be7b3da4889ce5.exe

64 B
137 B
1
1

DNS Request

hwergkjgg3jhgj.com

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/912-55-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/912-54-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download
memory/912-56-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download
memory/912-57-0x0000000076091000-0x0000000076093000-memory.dmp

Filesize
8KB

Download
memory/912-58-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download