3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Size

947KB
MD5

7695e8e4132e351e3b46f2b4d989fbb2
SHA1

df118b053abd7c25fdcce30994ff4202317a5fea
SHA256

3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e
SHA512

5be510f385e90b67996a43892a4ac0bf580718e3cf617665e381e09d004338eb3cbcc5228d57d0f9d65293802a31b9446becd1247e7f6714b6115184c355ab83

Score

1^/10

Malware Config

Signatures

Modifies registry class 62 IoCs

Processes:

3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\ = "IBrowserToDelphiEvents"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.NeoBookIEProtocol\	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\0\win32	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\ = "IBrowserToDelphi"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\TypeLib\ = "{8C2B40D2-963F-4307-AD3E-44A17D530D67}"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\ProxyStubClsid32	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\TypeLib	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\TypeLib\ = "{8C2B40D2-963F-4307-AD3E-44A17D530D67}"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\TypeLib	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\ = "BrowserToDelphi Object"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}\ProgID	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\0	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.BrowserToDelphi\Clsid	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\ProgID	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\TypeLib\ = "{8C2B40D2-963F-4307-AD3E-44A17D530D67}"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.BrowserToDelphi\Clsid\ = "{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\Version\ = "1.0"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}\LocalServer32	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\ = "IBrowserToDelphi"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\TypeLib\Version = "1.0"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\TypeLib\ = "{8C2B40D2-963F-4307-AD3E-44A17D530D67}"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\FLAGS	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\TypeLib	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\LocalServer32	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\FLAGS\ = "0"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\TypeLib	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.BrowserToDelphi	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\ProgID\ = "NBRun.BrowserToDelphi"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\ = "NBRun Library"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\TypeLib	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\TypeLib\Version = "1.0"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\TypeLib\Version = "1.0"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\ProxyStubClsid32	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}\	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.NeoBookIEProtocol\Clsid	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\ProxyStubClsid32	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ED4F5A35-81E4-4CBF-A823-AAA3C0847C6E}\Version	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\TypeLib\Version = "1.0"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\ProxyStubClsid32	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1551601C-141C-4499-9C05-557CA1440A05}\ = "IBrowserToDelphiEvents"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C2B40D2-963F-4307-AD3E-44A17D530D67}\1.0\HELPDIR	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.NeoBookIEProtocol	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.NeoBookIEProtocol\Clsid\ = "{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F35EFE-C7D9-4628-A63C-DD41F5DE5914}\ProgID\ = "NBRun.NeoBookIEProtocol"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}\TypeLib\ = "{8C2B40D2-963F-4307-AD3E-44A17D530D67}"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NBRun.BrowserToDelphi\ = "BrowserToDelphi Object"	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDB878B2-3F43-4471-B746-47906E644468}	3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe

C:\Users\Admin\AppData\Local\Temp\3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe
"C:\Users\Admin\AppData\Local\Temp\3b398d00dde2a5de31879af508c40aace2b580f402ff1390353f711f6ad4da7e.exe"
1⤵
- Modifies registry class
PID:972

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/972-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads