Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220112 -
submitted
05-03-2022 07:15
Static task
static1
Behavioral task
behavioral1
Sample
Viruses/a.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Viruses/b.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral3
Sample
Viruses/c.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral4
Sample
Viruses/d.exe
Resource
win10v2004-en-20220112
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral5
Sample
Viruses/f.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral6
Sample
Viruses/h.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
Viruses/d.exe
-
Size
157KB
-
MD5
25e62ef07aa497ff4b13549bc6639e19
-
SHA1
c8cee35f713031ca109dffae4fbede766d427e08
-
SHA256
aac0c5ad612fb9a0ac3b4bbfd71b8931fc762f8e11fdf3ffb33ef22076f9c4bc
-
SHA512
281a723c3ebfb369ad5bb73e18de0654e9ed1df25af49fcceaafe5afe425975c688eb4df4934b386b5532949f4bea6e688e33b599739e40ac381484e766fce5f
Score
1/10
Malware Config
Signatures
-
Modifies registry class 24 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\TypeLib\ = "{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}" d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\HELPDIR d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\TypeLib\Version = "0.0" d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\409\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Viruses\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\TypeLib d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\ = "IBadger" d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\TypeLib\Version = "0.0" d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\ d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\FLAGS\ = "0" d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\409 d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\ = "IBadger" d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\ProxyStubClsid32 d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02} d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0 d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0} d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\TypeLib\ = "{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}" d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0} d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\ProxyStubClsid32 d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\TypeLib d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\FLAGS d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\409\win32 d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Viruses" d.exe