de032c3a02f3a0c9f8eaceec691905d97c8dface0e8ccf5b5a2d0ad7d547ea89

Analysis

max time kernel
118s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 08:45

Target

de032c3a02f3a0c9f8eaceec691905d97c8dface0e8ccf5b5a2d0ad7d547ea89.exe
Size

59.0MB
MD5

b2033cbcf178b97cfeac45bb4728910e
SHA1

b9b32e7015b374b4f84fe00c794096873965ae15
SHA256

de032c3a02f3a0c9f8eaceec691905d97c8dface0e8ccf5b5a2d0ad7d547ea89
SHA512

85fe60b71bacc9aa6f9a732d1b58e2113a0b0684ceb4e285ce398c9ea8fa98d00ee0253cb196ba36a9834b708ee4a414761680be976ff60812e3083886f4f6dc
SSDEEP

1572864:OAOvdE9F7I88e3WrYCM8VbtM9cQZ8D5cU2yB0PcVNqJUz:/2dE9F798U6YCHVhM9cPNh2yhN/

Score

4^/10

Loads dropped DLL 1 IoCs

pid	Process
1152	de032c3a02f3a0c9f8eaceec691905d97c8dface0e8ccf5b5a2d0ad7d547ea89.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\de032c3a02f3a0c9f8eaceec691905d97c8dface0e8ccf5b5a2d0ad7d547ea89.exe
"C:\Users\Admin\AppData\Local\Temp\de032c3a02f3a0c9f8eaceec691905d97c8dface0e8ccf5b5a2d0ad7d547ea89.exe"
1⤵
- Loads dropped DLL
PID:1152

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\pb6ABE0480\PBCore.dll

Filesize
851KB

MD5
99c095a931b057b21e6f7cb0d7ed0f70

SHA1
bd17e2dcba280cceaca1c6a028cc65f39df3ef5e

SHA256
2a9ac7b7b0a955cf279e774f50a470a94a1458e78e8460ac580f02e6abe69792

SHA512
87e3258affd91e25f0dd6dae30904cb4867059acc3d1ce8459c4d47afad61505e47e491bf3af1f91634cbc92598b0b09c5d06de94395d01718ca9ff50de38a11

Download Submit