a3f0a117d5ca86ccc24126ccad26e3970a6d844e11305435c05e944b3da3593f

Analysis

max time kernel
110s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 00:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0859487f30ad8f4a0453ca62b825b8e2.exe
Size

56KB
MD5

0859487f30ad8f4a0453ca62b825b8e2
SHA1

f90d2c69ec05affa710074dd96a0c55bcc77b3d6
SHA256

a3f0a117d5ca86ccc24126ccad26e3970a6d844e11305435c05e944b3da3593f
SHA512

40492a773f43989a6cea4b04c77ea733f8006d39e7a5aa7e8eb48137d091c4c963095b74bbe2e79bc2bafc4bbc6cfa5d6223ae55959c992b883d109da54a89a8
SSDEEP

768:YiYZBidgXcaWRjVTCI4jJIlqughoi8Ht9eIZxQb4lDDMvVX:YiYedcsRhuI4IquQm9e8y4FCVX

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe
1192	0859487f30ad8f4a0453ca62b825b8e2.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1192	0859487f30ad8f4a0453ca62b825b8e2.exe

C:\Users\Admin\AppData\Local\Temp\0859487f30ad8f4a0453ca62b825b8e2.exe
"C:\Users\Admin\AppData\Local\Temp\0859487f30ad8f4a0453ca62b825b8e2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1192-1-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1192-2-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1192-0-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download
memory/1192-3-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download