d3ae20cfce0beaa99e7e025e636ffdf1edb803adce99a3778625e89f965456fa

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:43

Target

00d3271c81d87f0111fadd455ae428a5.exe
Size

29KB
MD5

00d3271c81d87f0111fadd455ae428a5
SHA1

44a0c267778d7530b5553ad0af29ee5c5da5894d
SHA256

d3ae20cfce0beaa99e7e025e636ffdf1edb803adce99a3778625e89f965456fa
SHA512

a8a8660ad1110345ed125a331ed2e45fc7bdd1d2b5e6cb13a6dae70832acfa6a6bdb9cb1149b8c1167e84c32ba5ffa36b963fb747c14bf4e53213ccfcb7461e8
SSDEEP

768:oGU21skdbiRnclSOKsmFVSFyT84ZOAWr6x0S8lr:oGvbiRncl3KS940FJSy

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Update	00d3271c81d87f0111fadd455ae428a5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\00d3271c81d87f0111fadd455ae428a5.exe
"C:\Users\Admin\AppData\Local\Temp\00d3271c81d87f0111fadd455ae428a5.exe"
1⤵
- Drops file in System32 directory
PID:840

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Windows\SysWOW64\Isass.scr

Filesize
2KB

MD5
8bfcf44eb468bd8d016c0a378f5ce3b6

SHA1
11afc64a4248bf6856fc4f8481d6b62f50f86143

SHA256
04aa3b55acb1d205869dda64310cd684169666980c1fc4f41d7364ee58a7f973

SHA512
3e445d11ba096b13fca27dd4a7cd620eff4a31f90163f91002128baf96ad95bf58f4dd7143ca59789701aacc55fd9d68400e6bff350e1781696cdf0a95754ea8

Download Submit
memory/840-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download