af326ff3f28274ed11bc62a6b4606f6958d7b60966682273b6f5fe67f686979f

Analysis

max time kernel
235s
max time network
333s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 12:42

Target

af326ff3f28274ed11bc62a6b4606f6958d7b60966682273b6f5fe67f686979f.exe
Size

249KB
MD5

3763c5fcef1a4f963e2a6aa97815e667
SHA1

c55d83b3d223405d65afd5e0415e2ddb94fbee8f
SHA256

af326ff3f28274ed11bc62a6b4606f6958d7b60966682273b6f5fe67f686979f
SHA512

e8029705d7368b3603c26ae348d965325941d2377a5282f49e2f6f1324bca4407132dde3fa5a78d6af70a687d280e5c8b033693067f7b6b4ffa18189ace43849
SSDEEP

6144:klLWwKD3oNsxx9SiLUJT/sEm6666uM2qVyQPurlI:Jw0cs8T/7yWMLPurlI

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\SmartCompanion.job	af326ff3f28274ed11bc62a6b4606f6958d7b60966682273b6f5fe67f686979f.exe

C:\Users\Admin\AppData\Local\Temp\af326ff3f28274ed11bc62a6b4606f6958d7b60966682273b6f5fe67f686979f.exe
"C:\Users\Admin\AppData\Local\Temp\af326ff3f28274ed11bc62a6b4606f6958d7b60966682273b6f5fe67f686979f.exe"
1⤵
- Drops file in Windows directory
PID:1156

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1156-54-0x00000000753F1000-0x00000000753F3000-memory.dmp

Filesize
8KB

Download
memory/1156-55-0x0000000000210000-0x000000000023F000-memory.dmp

Filesize
188KB

Download