Analysis
max time kernel: 48s
max time network: 52s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 15-10-2022 19:37
Static task: static1
Behavioral task: behavioral1
Sample: 2d7317e89b306e3544711b6c04e20da74589c723107695313a53650de7c09884.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 2d7317e89b306e3544711b6c04e20da74589c723107695313a53650de7c09884.exe
Resource: win10v2004-20220812-en
General
Target: 2d7317e89b306e3544711b6c04e20da74589c723107695313a53650de7c09884.exe
Size: 481KB
MD5: 64f8ab7f01f58075936cecb8f48ec10e
SHA1: 4b09aef19ef855b03a51cb1d0d8d1ce6895d4246
SHA256: 2d7317e89b306e3544711b6c04e20da74589c723107695313a53650de7c09884
SHA512: cfdad04d46e0728ac1ced12b0c11f7181ba5ef6c623f359677ae8b3180ec6db5c563431e6e99aaf0bee11f3b87d0bfbc102042269e4997eca93d0d4dd8944c3f
SSDEEP: 12288:3n6wWgwP5Z7NgLvq6IpkAsEiyqLLUfhRTVR+WHH:3nNWNP2LQp1s3LL8n
Malware Config
Signatures
Modifies registry class 5 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Wow6432Node\CLSID\{B759E5BB-901C-4ddb-A41A-A9544FC3A6E2}\DefaultIcon\ = "C:\\WINNT\\EXPLORER.EXE,0" | 2d7317e89b306e3544711b6c04e20da74589c723107695313a53650de7c09884.exe
Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Wow6432Node\CLSID\{B759E5BB-901C-4ddb-A41A-A9544FC3A6E2}\DefaultIcon | 2d7317e89b306e3544711b6c04e20da74589c723107695313a53650de7c09884.exe
Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Wow6432Node | 2d7317e89b306e3544711b6c04e20da74589c723107695313a53650de7c09884.exe
Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Wow6432Node\CLSID | 2d7317e89b306e3544711b6c04e20da74589c723107695313a53650de7c09884.exe
Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Wow6432Node\CLSID\{B759E5BB-901C-4ddb-A41A-A9544FC3A6E2} | 2d7317e89b306e3544711b6c04e20da74589c723107695313a53650de7c09884.exe
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
1256 | 2d7317e89b306e3544711b6c04e20da74589c723107695313a53650de7c09884.exe
1256 | 2d7317e89b306e3544711b6c04e20da74589c723107695313a53650de7c09884.exe