027ac20a7b200c57d2b20d72031ee79b155fe7027c6d0a43e4b4fc6f313cfbfa

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 08:29

Target

027ac20a7b200c57d2b20d72031ee79b155fe7027c6d0a43e4b4fc6f313cfbfa.exe
Size

2.0MB
MD5

749a9216ee56c73cf3d8d61ef9528939
SHA1

0c84b910439c4479a1a5ec71655070e3654ee79c
SHA256

027ac20a7b200c57d2b20d72031ee79b155fe7027c6d0a43e4b4fc6f313cfbfa
SHA512

c8fe27e31b2cdbcb12fd79883460f5c738a9ad1d9fc9e727b061df34e22666120cadc0a012144fa27e391801afd3987a4e55d7c1cbfde1beebfdfec504a54522
SSDEEP

6144:5sQpiL5wtBB5q3y1JWS4vMFlezNrFwqGYidXrlYAACApFVAQ:C1L5y5AqJl4c8NryMi38CsFVAQ

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

Processes:

027ac20a7b200c57d2b20d72031ee79b155fe7027c6d0a43e4b4fc6f313cfbfa.exe

description	ioc	process
File created	C:\Windows\Tasks\Bidaily Synchronize Task[pr].job	027ac20a7b200c57d2b20d72031ee79b155fe7027c6d0a43e4b4fc6f313cfbfa.exe

C:\Users\Admin\AppData\Local\Temp\027ac20a7b200c57d2b20d72031ee79b155fe7027c6d0a43e4b4fc6f313cfbfa.exe
"C:\Users\Admin\AppData\Local\Temp\027ac20a7b200c57d2b20d72031ee79b155fe7027c6d0a43e4b4fc6f313cfbfa.exe"
1⤵
- Drops file in Windows directory
PID:1812

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1812-54-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download
memory/1812-55-0x0000000000B10000-0x0000000000B3F000-memory.dmp

Filesize
188KB

Download