5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Size

720KB
MD5

6a4c0b9edc7deff723d5ddeeb356b8ab
SHA1

38b00f9254473005e85b294c0a0cd69653a6e21b
SHA256

5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc
SHA512

48beeba61c9a5672627a94e31f38c7b91795840a951a5df1ad8196681855c7b97d643289657ca9430d79ef542654f75f20f02c203bd4dc5b7cb24bc6d42ac5fe
SSDEEP

12288:pehnkfAOkLiMtoOYBlqMPXodhRBuCh1Yv2NCvYP9U/VlL38dnjVMi/haxZVg:Wnkf5kLZqOWlqMPXodhRBuCh1Yv2NCvA

Score

1^/10

Malware Config

Signatures

Modifies registry class 52 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}\TypeLib\ = "{4DA24BCC-F001-11D1-B00A-00A0C98F3098}"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CondorTabDlg.clsCondorTabDlg	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CondorTabDlg.clsCondorTabDlg\Clsid	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CondorTabDlg.clsCondorTabDlg\Clsid\ = "{4DA24BC9-F001-11D1-B00A-00A0C98F3098}"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\ = "_clsCondorTabDlg"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\TypeLib\ = "{4DA24BCC-F001-11D1-B00A-00A0C98F3098}"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\TypeLib\Version = "5.1"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DA24BC8-F001-11D1-B00A-00A0C98F3098}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DA24BC8-F001-11D1-B00A-00A0C98F3098}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\ProxyStubClsid	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{4DA24BCC-F001-11D1-B00A-00A0C98F3098}\5.1\FLAGS	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\TypeLib\Version = "5.1"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}\VERSION	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DA24BC8-F001-11D1-B00A-00A0C98F3098}\ = "clsCondorTabDlg"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\ProxyStubClsid32	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}\TypeLib	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DA24BC8-F001-11D1-B00A-00A0C98F3098}	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}\Programmable	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{4DA24BCC-F001-11D1-B00A-00A0C98F3098}\5.1\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{4DA24BCC-F001-11D1-B00A-00A0C98F3098}\5.1\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\ = "_clsCondorTabDlg"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}\VERSION\ = "5.1"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DA24BC8-F001-11D1-B00A-00A0C98F3098}\Forward\ = "{69ED686A-867D-45E5-8069-F0F82B236185}"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}\Implemented Categories	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DA24BC8-F001-11D1-B00A-00A0C98F3098}\ProxyStubClsid	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DA24BC8-F001-11D1-B00A-00A0C98F3098}\ProxyStubClsid32	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{4DA24BCC-F001-11D1-B00A-00A0C98F3098}	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}\LocalServer32	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CondorTabDlg.clsCondorTabDlg\ = "CondorTabDlg.clsCondorTabDlg"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{4DA24BCC-F001-11D1-B00A-00A0C98F3098}\5.1\FLAGS\ = "0"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\ProxyStubClsid32	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\TypeLib	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\ = "clsCondorTabDlg"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{4DA24BCC-F001-11D1-B00A-00A0C98F3098}\5.1\ = "Condor Settings Tab Dialog"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{4DA24BCC-F001-11D1-B00A-00A0C98F3098}\5.1\HELPDIR	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}\ = "CondorTabDlg.clsCondorTabDlg"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}\ProgID	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\TypeLib	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\TypeLib\ = "{4DA24BCC-F001-11D1-B00A-00A0C98F3098}"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}\ProgID\ = "CondorTabDlg.clsCondorTabDlg"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{4DA24BCC-F001-11D1-B00A-00A0C98F3098}\5.1	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{4DA24BCC-F001-11D1-B00A-00A0C98F3098}\5.1\0	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{4DA24BCC-F001-11D1-B00A-00A0C98F3098}\5.1\0\win32	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{69ED686A-867D-45E5-8069-F0F82B236185}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DA24BC8-F001-11D1-B00A-00A0C98F3098}\Forward	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA24BC9-F001-11D1-B00A-00A0C98F3098}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1608	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1608	5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe

C:\Users\Admin\AppData\Local\Temp\5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe
"C:\Users\Admin\AppData\Local\Temp\5097f70d8dd106e97831224e10be6bf443365f7c1efe39b46c4213a43e1064fc.exe"
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1608-54-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download
memory/1608-57-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads