Analysis
- max time kernel: 113s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
- submitted: 19-09-2022 06:10
Static task: static1
Behavioral task: behavioral1
- Sample: 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
- Resource: win10v2004-20220812-en
General
- Target: 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
- Size: 12KB
- MD5: 07e92c47a9f8635fd96ed2ca1a6dc7af
- SHA1: e92f03d8c5c2c06ea4967f97b264799ad4143fd2
- SHA256: 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b
- SHA512: fa5f5c022629fe0da5938a58de0adb895cf40dce784755dcd8fd7f083611d0f016598d25f292ad2fec29c295589c2ec1d0b65b871529a743d13419c00fa2f566
- SSDEEP: 192:N7J5ClDygzY46Oe9cA1iIvWhHbtyRo5QwcfDN/R0gA9lys0F6WUk:NDyDygzGOycA1JO1tyRkQwcfxcywRk
Malware Config
Signatures
- Modifies registry class (10 IoCs)

All ten events touch a single CLSID: the sample creates HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7}, sets the default value of its LocalServer32 subkey to the sample's own path in the Admin user's Temp directory (registering itself as an out-of-process COM server in the 32-bit class view, which is where the registry redirector places CLSID writes from a 32-bit process), and writes a 24-byte blob to a Data subkey. Writes under \REGISTRY\MACHINE require administrative rights, which the sandbox's Admin account had. Each of the five distinct operations is recorded twice, and both process instances listed below carry the "Modifies registry class" tag.

description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7}\Data | 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7} | 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe" | 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7}\Data | 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7} | 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7}\LocalServer32 | 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe" | 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7}\Data\ = 000000002f4c642900000000000000000000000000000000 | 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7}\LocalServer32 | 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7}\Data\ = 000000002f4c642900000000000000000000000000000000 | 8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
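An added triage helper, not part of this report and not the sandbox's own logic: it takes the IoC rows above (hand-copied into the IOCS table below as constructed input), converts the kernel-style \REGISTRY\MACHINE paths to the HKLM form that reg.exe uses, groups the events by CLSID, and flags a LocalServer32 or InprocServer32 registration whose server image lives in a user-writable directory or is the process that wrote the key. The list of user-writable directories, the flag wording and the record layout are this example's assumptions; the Data blob is only decoded into little-endian DWORDs, because the report assigns it no meaning.

```python
"""Triage helper for the 'Modifies registry class' IoCs above (added example)."""
import re
import struct
from collections import defaultdict

SAMPLE_EXE = "8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe"
CLSID_KEY = (r"\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID"
             r"\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7}")

# Constructed from the report's IoC rows: (description, key, value name, data, writing process).
# A trailing "\" in the report's path means the key's default value (empty value name).
IOCS = [
    ("Key created", CLSID_KEY + r"\Data", None, None, SAMPLE_EXE),
    ("Key created", CLSID_KEY, None, None, SAMPLE_EXE),
    ("Set value (str)", CLSID_KEY + r"\LocalServer32", "",
     '"C:\\Users\\Admin\\AppData\\Local\\Temp\\' + SAMPLE_EXE + '"', SAMPLE_EXE),
    ("Key created", CLSID_KEY + r"\LocalServer32", None, None, SAMPLE_EXE),
    ("Set value (data)", CLSID_KEY + r"\Data", "",
     "000000002f4c642900000000000000000000000000000000", SAMPLE_EXE),
]

HIVE_PREFIXES = {r"\REGISTRY\MACHINE": "HKLM", r"\REGISTRY\USER": "HKU"}
CLSID_RE = re.compile(r"\\CLSID\\(\{[0-9A-F-]{36}\})", re.IGNORECASE)
# Directories a non-admin user can write to (assumed list; extend for your estate).
# A COM server image here can be replaced without ever touching the HKLM key.
USER_WRITABLE_RE = re.compile(
    r"^[A-Z]:\\(Users\\[^\\]+\\AppData\\|Users\\Public\\|ProgramData\\|Windows\\Temp\\)",
    re.IGNORECASE)


def nt_to_win32_path(nt_path):
    """Turn a kernel-style \\REGISTRY\\MACHINE\\... path into the HKLM\\... form reg.exe uses."""
    for prefix, hive in HIVE_PREFIXES.items():
        if nt_path.upper().startswith(prefix.upper()):
            return hive + nt_path[len(prefix):]
    return nt_path


def clsid_of(nt_path):
    """Return the GUID embedded in a ...\\CLSID\\{guid}... path (upper-cased), or None."""
    m = CLSID_RE.search(nt_path)
    return m.group(1).upper() if m else None


def server_image(value):
    """Strip quotes and arguments from a LocalServer32/InprocServer32 default value."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split(" ", 1)[0]


def decode_data_blob(hex_string):
    """Decode a REG_BINARY hex dump as little-endian DWORDs (no meaning is assumed)."""
    raw = bytes.fromhex(hex_string)
    count = len(raw) // 4
    return list(struct.unpack("<%dI" % count, raw[:count * 4]))


def assess_com_registrations(iocs):
    """Group registry events by CLSID and flag suspicious COM server registrations."""
    def new_entry():
        return {"server_kind": None, "server": None, "hive_path": None,
                "wow64": False, "writer": None, "data_dwords": None, "flags": []}
    by_clsid = defaultdict(new_entry)
    for desc, key, name, data, proc in iocs:
        clsid = clsid_of(key)
        if clsid is None:
            continue
        entry = by_clsid[clsid]
        entry["writer"] = proc
        entry["wow64"] = entry["wow64"] or "\\WOW6432NODE\\" in key.upper()
        leaf = key.rsplit("\\", 1)[-1]
        if desc.startswith("Set value") and (name or "") == "":
            if leaf.lower() in ("localserver32", "inprocserver32"):
                entry["server_kind"] = leaf
                entry["server"] = server_image(data)
                entry["hive_path"] = nt_to_win32_path(key)
            elif leaf.lower() == "data":
                entry["data_dwords"] = decode_data_blob(data)
    for entry in by_clsid.values():
        if entry["server"] is None:
            continue
        if USER_WRITABLE_RE.match(entry["server"]):
            entry["flags"].append("server in user-writable path")
        if entry["server"].rsplit("\\", 1)[-1].lower() == (entry["writer"] or "").lower():
            entry["flags"].append("server image is the writing process itself")
        if entry["wow64"]:
            entry["flags"].append("registered in the 32-bit (WOW6432Node) class view")
    return dict(by_clsid)


if __name__ == "__main__":
    for clsid, entry in assess_com_registrations(IOCS).items():
        print(clsid, entry["server_kind"], "->", entry["server"])
        print("  key:", entry["hive_path"])
        print("  data:", [hex(d) for d in entry["data_dwords"] or []])
        for flag in entry["flags"]:
            print("  !", flag)
```

On a suspect host the same key can be inspected directly with `reg query "HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{35204E5F-3BA7-D6C4-6726-9B7CF3238DE7}" /s`; a LocalServer32 default value pointing into a user's Temp directory is the condition the script flags.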
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe"
  PID: 1984
  - Modifies registry class
- Image: C:\Users\Admin\AppData\Local\Temp\8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8a41b9f11f94882c17bc56dd0b3e0e427080f482666129ddb31ed2d30a9ad33b.exe" /s
  PID: 1908
  - Modifies registry class