edaaa26f500024b459673c81b7d37b8e8281ef5f08de04291662021c3d44673a | Triage

Analysis

max time kernel
206s
max time network
230s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 10:32

Sharing

Report Analysis Logs

General

Target

keyfinder.exe
Size

787KB
MD5

4187dfaf99e89cc211eb3f2bf6af81ca
SHA1

55fc92048228aaab920a9d164dff7ba92117ec82
SHA256

3cf64f198a3a58f608639823ae689cbff75dc475996cbd14ebd16550d9886f1c
SHA512

9ffc1e6f76ad4826abe7ece3dcf0a59c49564f03bb3ebde9a11d8dbaeb5f870cb5d9affcebd001ffe6d84aa6bd34fa8f94851de4d8f2a22e1941002e49b86d61
SSDEEP

12288:XQx8br+SgmYjgVobXcJTEjK25I3yWwR4C0Ecnb/Lxh+khPg85:PfQjUT/25a87inxIX85

Score

6^/10

Malware Config

Signatures

Checks for any installed AV software in registry 1 TTPs 1 IoCs

Security Software Discovery
T1063

Processes:

keyfinder.exe

description ioc process

Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\AntiVir PersonalEdition Classic keyfinder.exe

C:\Users\Admin\AppData\Local\Temp\keyfinder.exe
"C:\Users\Admin\AppData\Local\Temp\keyfinder.exe"
1⤵
- Checks for any installed AV software in registry
PID:4552

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...