b050263cc2254de443697f85cd446b65f6ea1bfd9495c19ba47f6c64e2eee98b

Analysis

max time kernel
32s
max time network
40s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 02:17

Target

b050263cc2254de443697f85cd446b65f6ea1bfd9495c19ba47f6c64e2eee98b.exe
Size

316KB
MD5

5963c55fbf5d2423548fece6d4fec290
SHA1

e3d72f42a16ad5162eba81409489e1e4df3202f7
SHA256

b050263cc2254de443697f85cd446b65f6ea1bfd9495c19ba47f6c64e2eee98b
SHA512

e630a277e697540f1dde728057bd31f66c4a7079ea1e0767bb5200e7f6a71c640c2ae1aa7b92b3a29379dfb1624d8430c216e420e684eebe6f0c0c0627cb7a96
SSDEEP

6144:PQYusRlegMYdAPzTgxyXEgzRScfwQ99+FB73s383W:dusOCAQxyTlwQ99WTs383W

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\RocketTasks.job	b050263cc2254de443697f85cd446b65f6ea1bfd9495c19ba47f6c64e2eee98b.exe

C:\Users\Admin\AppData\Local\Temp\b050263cc2254de443697f85cd446b65f6ea1bfd9495c19ba47f6c64e2eee98b.exe
"C:\Users\Admin\AppData\Local\Temp\b050263cc2254de443697f85cd446b65f6ea1bfd9495c19ba47f6c64e2eee98b.exe"
1⤵
- Drops file in Windows directory
PID:836

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/836-54-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

Filesize
8KB

Download
memory/836-55-0x0000000000190000-0x00000000001BF000-memory.dmp

Filesize
188KB

Download