45fc2b0c7797823faf468d8a1b2aa1ab7df0b33289b349429d7366968401c992

Analysis

max time kernel
137s
max time network
148s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:12

Target

054c8424b62b978c4750d45caffc5e06.exe
Size

66KB
MD5

054c8424b62b978c4750d45caffc5e06
SHA1

b0d6c75852791e98bb5c51814612de6541b950eb
SHA256

45fc2b0c7797823faf468d8a1b2aa1ab7df0b33289b349429d7366968401c992
SHA512

002b76c4ea9311ae6e2901465ee9fb11b28114290d2ee64d3e7d68ff47fe91027e8a30edd3b6564eaee73e55c7d0c3545a26d3f119f8396fa025599285db4d10
SSDEEP

1536:ys/nGIA6lpWehS0XsUMNLlAiiSxMQeNxVC8cC4qmbQqQgo:ySnt2ehS0X5MNLlxiHNxv0JFQgo

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 30 IoCs

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2856	054c8424b62b978c4750d45caffc5e06.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2856-2-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2856-1-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2856-0-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download