6d23039c6bee18b24f5d893c853141bc73a5575ab615cbe0f60dc8a87a014a57

Analysis

max time kernel
190s
max time network
226s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 03:52

Target

6d23039c6bee18b24f5d893c853141bc73a5575ab615cbe0f60dc8a87a014a57.dll
Size

144KB
MD5

9710a58be56966e1e1465eedf8fde1fa
SHA1

29cc2982995396fa3db819a65d92c9d02892dca4
SHA256

6d23039c6bee18b24f5d893c853141bc73a5575ab615cbe0f60dc8a87a014a57
SHA512

04cf988a7dac5f105e11e277584b9350be161bdab961c2f39799dbc95878cc13418bf55713caf356bd77e317eb250ccf076dd92ca3ede302d6e903269e2e7665
SSDEEP

1536:SVILLSZsy+cMN1Jo0CshRmJIXBYUyVXVl0qXLx44cr4+DzLMUTo7R:jLSZsKO1JTCCYJImUy+At4DrPzLMU+

Score

8^/10

discovery

Blocklisted process makes network request 11 IoCs

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 7 IoCs

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/268-54-0x0000000000280000-0x0000000000297000-memory.dmp

Filesize
92KB

Download
memory/268-55-0x0000000000280000-0x0000000000297000-memory.dmp

Filesize
92KB

Download
memory/268-56-0x0000000180000000-0x000000018002B000-memory.dmp

Filesize
172KB

Download