bc4101cb2be2bc8fedb16c82b4c4dc808176f519f9c2c8012c6e18b4b35d932d

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 07:54

Target

DC_offer.exe
Size

5.8MB
MD5

a18bb4006a82158678cf462cc4a943e8
SHA1

b7fbab891bca08438276b4afbf60ba52002be556
SHA256

11d9d09ca4929d4f38abd7f7a6a7107c3b697e95d02d4ea34b5b991da37d0d02
SHA512

fefea48273d1778a180dfa945c00f76601d7f7019cd00752cf25736a04d52f8cb36a6428ec3114ffbb07a24fb6323cf5a175f57a41db868e23dc0fc9b511c6f5
SSDEEP

98304:3vYsyKDAJqrZPTgfFSNAEt39cQvb86Q9j34OiZrq1DfPHNADtV6v+rCnTVv6I1nM:3vYAtOpQvb86Q9j4O7NADtV6v+rCn5vC

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1396	DC_offer.exe
1396	DC_offer.exe

C:\Users\Admin\AppData\Local\Temp\DC_offer.exe
"C:\Users\Admin\AppData\Local\Temp\DC_offer.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1396

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact