Analysis
-
max time kernel
41s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
03-07-2022 16:31
Static task
static1
Behavioral task
behavioral1
Sample
3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe
-
Size
712KB
-
MD5
1f83bd94d6717da78b5540745993558b
-
SHA1
582172580781ea8386382752ab6fa7c7aa3e61f8
-
SHA256
3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770
-
SHA512
54e649238d4538cd392d93e1ef20edf050fc9206994e5861953b81a10979437c58e51a21ac157598c50955a1afc776ad5b4d21128d7a0586beb2d1cf7ede5a90
Score
1/10
Malware Config
Signatures
-
Modifies registry class — 62 IoCs (every write listed below is under \REGISTRY\MACHINE\SOFTWARE\Classes: CLSID, ProgID, TypeLib and Interface keys for NBRun.BrowserToDelphi / NBRun.NeoBookIEProtocol, with LocalServer32 set to the sample's own path under C:\Users\Admin\AppData\Local\Temp — consistent with COM server self-registration rather than persistence or policy changes)
Processes:
3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.BrowserToDelphi\Clsid\ = "{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\0 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\TypeLib 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\TypeLib 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\ = "IBrowserToDelphiEvents" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.BrowserToDelphi\ = "BrowserToDelphi Object" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\FLAGS 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\TypeLib\ = "{8C2B40D2-963F-4307-AD3E-44A17D530D67}" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\ProgID 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe" 
3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\ = "NBRun Library" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\TypeLib\Version = "1.0" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\TypeLib 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\ProgID\ = "NBRun.BrowserToDelphi" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\TypeLib 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\TypeLib\ = "{8C2B40D2-963F-4307-AD3E-44A17D530D67}" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}\LocalServer32 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}\ProgID 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}\ProgID\ = "NBRun.NeoBookIEProtocol" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe 
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\0\win32 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\TypeLib\Version = "1.0" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.BrowserToDelphi\Clsid 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.NeoBookIEProtocol\Clsid\ = "{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\ = "BrowserToDelphi Object" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.BrowserToDelphi 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67} 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\FLAGS\ = "0" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created 
\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\TypeLib 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E} 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\ = "IBrowserToDelphi" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\TypeLib\Version = "1.0" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\Version\ = "1.0" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\TypeLib\ = "{8C2B40D2-963F-4307-AD3E-44A17D530D67}" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914} 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\ProxyStubClsid32 
3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}\ 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.NeoBookIEProtocol\ 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.NeoBookIEProtocol\Clsid 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\ProxyStubClsid32 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\ = "IBrowserToDelphi" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\ = "IBrowserToDelphiEvents" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\HELPDIR 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\LocalServer32 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05} 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created 
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468} 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\TypeLib\ = "{8C2B40D2-963F-4307-AD3E-44A17D530D67}" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\ProxyStubClsid32 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\TypeLib\ = "{8C2B40D2-963F-4307-AD3E-44A17D530D67}" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\TypeLib\Version = "1.0" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05} 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\Version 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468} 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key 
created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\ProxyStubClsid32 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.NeoBookIEProtocol 3b6a51a9d445b603380a821e42baa6bc2cc5db750c363014c753ee0aef87d770.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/896-54-0x00000000755A1000-0x00000000755A3000-memory.dmp
Filesize
8KB