43b28b33f77a5038abc86cfcbf3d3ae13be6e5cff6448160bf160a03a673d4b5

Analysis

max time kernel
64s
max time network
34s
platform
windows7_x64
resource
win7-20221111-es
resource tags

arch:x64arch:x86image:win7-20221111-eslocale:es-esos:windows7-x64systemwindows
submitted
05-01-2023 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UninstallView.exe
Size

191KB
MD5

03bdb34ec9d1fbd7ddb213fbd59f0a71
SHA1

ad9021927486e0dbc41ef4f1663dcb2204046fef
SHA256

43b28b33f77a5038abc86cfcbf3d3ae13be6e5cff6448160bf160a03a673d4b5
SHA512

7754604e0ef38ccbb24a43db619d5d392cbcc1ae1f1031b9643627a0e4b234875b6951092803a1645de7e5e46b2b5f53fc17044112192b92246a3f65368d4e4d
SSDEEP

3072:NafaA1FPstk5CWVq6O4u1y87o5xMADJbSWu9kGHwG7MIPwXaCf:o1FFwvP7o5xMAYW5qE

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\DisplayIcon.ico	UninstallView.exe
File opened for modification	C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe	UninstallView.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
288	UninstallView.exe

C:\Users\Admin\AppData\Local\Temp\UninstallView.exe
"C:\Users\Admin\AppData\Local\Temp\UninstallView.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
PID:288

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/288-54-0x000007FEFB611000-0x000007FEFB613000-memory.dmp

Filesize
8KB

Download