d1f299e68da73c6a2340828fad5476f17d90365837c8e803ced788dbd6f4bd39

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 00:57

Target

33551829287685023901-Nummer.exe
Size

639KB
MD5

0856aa98e4df4de4854a46b449c1d989
SHA1

b650b4a3fb976ecd7854c439ec406696d859105e
SHA256

ef775461ce48cee0586d40600880aad0cd38ca7c7241f0ff97b9345feccedd33
SHA512

2f70560fd166ac781b47d739e2b0d07361beab7a99088179937664de57c643de8f052bd9dfd256dfa20b5a170bd3bee0e2c4a6374766e4ad5e88fa463808dd30
SSDEEP

12288:ow5jalVUuAOpM6qDy9CSl7bsfZTjaI/WQTT9U3W0/Fg0oDmfd0FNgI0bx:owEppqD2BY4mNDmfUf0

Score

1^/10

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	33551829287685023901-Nummer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1776	33551829287685023901-Nummer.exe
1776	33551829287685023901-Nummer.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1776-2-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/1776-3-0x0000000000401000-0x000000000049D000-memory.dmp

Filesize
624KB

Download
memory/1776-1-0x0000000000C10000-0x0000000000C11000-memory.dmp

Filesize
4KB

Download
memory/1776-0-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/1776-5-0x0000000000401000-0x000000000049D000-memory.dmp

Filesize
624KB

Download
memory/1776-4-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download