a67bebb58e15e299053d4e09016f63ec1a3b4eff40f433b0280821b17a16e49a

Analysis

max time kernel
142s
max time network
146s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a67bebb58e15e299053d4e09016f63ec1a3b4eff40f433b0280821b17a16e49a.exe
Size

317KB
MD5

3bfc5ed4b52c487aff245b87e153a3bf
SHA1

d50e6c999d1f66304a08512818c6d22af04992d0
SHA256

a67bebb58e15e299053d4e09016f63ec1a3b4eff40f433b0280821b17a16e49a
SHA512

dfa1d70b21a62ca092b0d820d476ddd99f404eccc1a0050d905bcaf55074f6f902f39b9d01f284190907ae7ce22c2e0c8600960d4c83205a52d51650d96251a1
SSDEEP

6144:EQ64S47FmgWIqy6btoAAdw2FJ2xZvG2F9ekKI+:P6+7FOIqy6bKAA627UvGy5Z+

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum	a67bebb58e15e299053d4e09016f63ec1a3b4eff40f433b0280821b17a16e49a.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	a67bebb58e15e299053d4e09016f63ec1a3b4eff40f433b0280821b17a16e49a.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\ExpertPlanner.job	a67bebb58e15e299053d4e09016f63ec1a3b4eff40f433b0280821b17a16e49a.exe

C:\Users\Admin\AppData\Local\Temp\a67bebb58e15e299053d4e09016f63ec1a3b4eff40f433b0280821b17a16e49a.exe
"C:\Users\Admin\AppData\Local\Temp\a67bebb58e15e299053d4e09016f63ec1a3b4eff40f433b0280821b17a16e49a.exe"
1⤵
- Maps connected drives based on registry
- Drops file in Windows directory
PID:2040

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-54-0x0000000075631000-0x0000000075633000-memory.dmp

Filesize
8KB

Download
memory/2040-55-0x0000000000340000-0x000000000036F000-memory.dmp

Filesize
188KB

Download
memory/2040-59-0x0000000004510000-0x0000000004537000-memory.dmp

Filesize
156KB

Download