bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d

Analysis

max time kernel
160s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 16:03

Target

bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d.exe
Size

80KB
MD5

5fce64eb222aa41e4fb967e9d8fb6a22
SHA1

c2c980297d985c0e62e461b76fa584e79a6b3822
SHA256

bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d
SHA512

35fa7f7ec6339700febba68d30ca17554a926bb8011f1345609689460399f2a2d7c7d0d027db0b8e22df546dbc89b8c03bc127c3a72c304cfc1354a598f3ccac
SSDEEP

768:pZxqi0P+d1QgdggdoXL8X7FqTLaIixHOtIlYFK1Zk6YayZek31s8gJeIdcE6t7Sy:3w+d/WXLDLFrce6lyZhq8CuE6tvn

Score

8^/10

discovery

Executes dropped EXE 1 IoCs

Processes:

edgCA69.exe

pid process

2468 edgCA69.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
2468	edgCA69.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d.exe

description	pid	process	target process
PID 2116 wrote to memory of 2468	2116	bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d.exe	edgCA69.exe
PID 2116 wrote to memory of 2468	2116	bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d.exe	edgCA69.exe
PID 2116 wrote to memory of 2468	2116	bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d.exe	edgCA69.exe

C:\Users\Admin\AppData\Local\Temp\bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d.exe
"C:\Users\Admin\AppData\Local\Temp\bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2116

C:\Users\Admin\AppData\Local\edgCA69.exe
C:\Users\Admin\AppData\Local\edgCA69.exe C:\Users\Admin\AppData\Local\Temp\BC77BF~1.EXE cp
2⤵
- Executes dropped EXE
PID:2468

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

C:\Users\Admin\AppData\Local\edgCA69.exe
Filesize
80KB

MD5
35d6f65d3e551ac6cc21ff9a5c3eddac

SHA1
f5bf8963f99bd6ad5addcbcf0c81b95eab1cc1ba

SHA256
e502320ad97e3e8a4cf7f3e007baad6a8acf0257b38a7f3cab5f2d44700f961a

SHA512
d2af966f091965501349f2cc545bc995f785fd5e6452670efd73df2af26afe55bd2f3725a57044bd44837f93fdd8b89df2460fd8d224914407d8b3973e928356

Download Submit
memory/2116-132-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2468-138-0x0000000000000000-mapping.dmp

Download