e823ccb6be837e398d6a9f9a75a35c2423f15ef6687b558af3eda51363f6b53b

Analysis

max time kernel
26s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21/11/2022, 12:36

Target

e823ccb6be837e398d6a9f9a75a35c2423f15ef6687b558af3eda51363f6b53b.exe
Size

306KB
MD5

2167223a773c3eb828f427bce382fca5
SHA1

0edda86f160d457a29a66fb6a4d79e3b928e11e1
SHA256

e823ccb6be837e398d6a9f9a75a35c2423f15ef6687b558af3eda51363f6b53b
SHA512

6976e99764836f2a4e7883d73d3d57d60db560d9059e9c5ce9580257889d2c82f623f8847e16cf1382d2ee8c5add182c722687cb98b1c9ba916f0759af0f7bba
SSDEEP

6144:VVza66auT1CaXOIKlh/7wsN8Ebha7FfYI+Eycor+swJl:/zd6H+Dh/7wA8Eb4dYI+EycQ+s8l

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\DailyCast.job	e823ccb6be837e398d6a9f9a75a35c2423f15ef6687b558af3eda51363f6b53b.exe

C:\Users\Admin\AppData\Local\Temp\e823ccb6be837e398d6a9f9a75a35c2423f15ef6687b558af3eda51363f6b53b.exe
"C:\Users\Admin\AppData\Local\Temp\e823ccb6be837e398d6a9f9a75a35c2423f15ef6687b558af3eda51363f6b53b.exe"
1⤵
- Drops file in Windows directory
PID:1400

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1400-54-0x0000000075C11000-0x0000000075C13000-memory.dmp

Filesize
8KB

Download
memory/1400-55-0x0000000000390000-0x00000000003BF000-memory.dmp

Filesize
188KB

Download