9811501a32c5d39dfccc30ada4c5538602a53b94d19ba0d6323c830f8234d27c | Triage

Analysis

max time kernel
1445s
max time network
1445s
platform
windows10_x64
resource
win10v20201028
submitted
25-11-2020 13:36

Sharing

Report Analysis Logs

General

Target

dotEXE1.exe
Size

5.3MB
MD5

d8e3e53d1eb7b3cc029ccd1b4af18aaa
SHA1

3e3057d6e140a8c7b29929b3982f3f27692635f6
SHA256

9811501a32c5d39dfccc30ada4c5538602a53b94d19ba0d6323c830f8234d27c
SHA512

5f55b1a3de85d5d298ce2fe8915b0bc9918f3f0f9758180028dd89ac0b3913a369530eb8e520cffb35eebb46db583325f65a4d070751b7fd4b8022e9b697e667

Score

1^/10

Malware Config

Signatures

Modifies registry class 2 IoCs

Processes:

dotEXE1.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	dotEXE1.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	dotEXE1.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

dotEXE1.exe

pid process

636 dotEXE1.exe
636 dotEXE1.exe

C:\Users\Admin\AppData\Local\Temp\dotEXE1.exe
"C:\Users\Admin\AppData\Local\Temp\dotEXE1.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:636

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...