b022230d01f00de4e64e24cd6dede6444bf2f21b7296e28fd1259a8f2c890411

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 04:01

Target

b022230d01f00de4e64e24cd6dede6444bf2f21b7296e28fd1259a8f2c890411.exe
Size

314KB
MD5

607c61651fdd5b8b763d9ed10d126cc7
SHA1

2fb26dde0e172c47e08d0cae70adaa7039a99b73
SHA256

b022230d01f00de4e64e24cd6dede6444bf2f21b7296e28fd1259a8f2c890411
SHA512

dc90977537fe52b579e6c198a2938c52f2c7c1cbd56504e6facd19c78a15bd799f817a230fd08acbd35d35490452113b1f5b2baeca6d89b4547ff687ab1362ec
SSDEEP

3072:NYB5zP5k06ggcYEoAHw52xk2UkUmMyQU8E2mKOjcyvYb3gvjuL6tIYabEfvzKgQ:6BBBk0jDQh2/UPlnm1jcBbuu1InzKR

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\AutoCure.job	b022230d01f00de4e64e24cd6dede6444bf2f21b7296e28fd1259a8f2c890411.exe

C:\Users\Admin\AppData\Local\Temp\b022230d01f00de4e64e24cd6dede6444bf2f21b7296e28fd1259a8f2c890411.exe
"C:\Users\Admin\AppData\Local\Temp\b022230d01f00de4e64e24cd6dede6444bf2f21b7296e28fd1259a8f2c890411.exe"
1⤵
- Drops file in Windows directory
PID:1424

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1424-54-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download
memory/1424-55-0x0000000000190000-0x00000000001BF000-memory.dmp

Filesize
188KB

Download