6bbcc782284f568e4518e34826132c169ec484357acc6ac0fef55f3a2ba0cac6

Analysis

max time kernel
129s
max time network
138s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 23:17

Target

6bbcc782284f568e4518e34826132c169ec484357acc6ac0fef55f3a2ba0cac6.exe
Size

2.5MB
MD5

7043443ca3a3cdc264218cf5603df37d
SHA1

318f6c142bd25fe4873d37e4e5b0ad980e0b926a
SHA256

6bbcc782284f568e4518e34826132c169ec484357acc6ac0fef55f3a2ba0cac6
SHA512

7fb767e7234f3f1b99124da7a13e1cb4c977a09bcd483d7128b4d6a67640ac37b328dbcbff72156e702a78b9fcb0b3eb2acd5bbeb2a7a369d02a8943772e3450
SSDEEP

6144:JMVfVkQbgZIhMI7+X8DxCI/XwQ0oC5cS/0/6gHPHHqChX7KgD:JgkmWICI7C8Dx/X30VsRfqC8gD

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Bidaily Synchronize Task[973b].job	6bbcc782284f568e4518e34826132c169ec484357acc6ac0fef55f3a2ba0cac6.exe

C:\Users\Admin\AppData\Local\Temp\6bbcc782284f568e4518e34826132c169ec484357acc6ac0fef55f3a2ba0cac6.exe
"C:\Users\Admin\AppData\Local\Temp\6bbcc782284f568e4518e34826132c169ec484357acc6ac0fef55f3a2ba0cac6.exe"
1⤵
- Drops file in Windows directory
PID:1364

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1364-54-0x0000000075701000-0x0000000075703000-memory.dmp

Filesize
8KB

Download
memory/1364-55-0x0000000000340000-0x000000000036F000-memory.dmp

Filesize
188KB

Download
memory/1364-59-0x00000000001E0000-0x00000000001E3000-memory.dmp

Filesize
12KB

Download