dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee

Analysis

max time kernel
74s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2022, 09:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
Size

4.2MB
MD5

9eac211bb8fb239ae00a0285d275ac90
SHA1

6edfee267383b21ec9b8cec7ffe199af1909f99d
SHA256

dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee
SHA512

d513c401dc71d16c6681362149c98b8ee7a5b99e909463ff7dd327f8c0c9327c752f4b614773a61b5993e8f6a1bf8efc0d7f185f6c85894025a86b4d01266bb8
SSDEEP

98304:bNhKu9bkxbIYUtPJay7PUkKqvd7//X0MkHgSl7b:xpJL8pi73at7b

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4792-132-0x0000000000400000-0x0000000000594000-memory.dmp	upx
behavioral2/memory/4792-133-0x0000000000400000-0x0000000000594000-memory.dmp	upx

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF56FF80-3803-422B-80A0-9844629C810C}	dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF56FF80-3803-422B-80A0-9844629C810C}\IMPLEMENTED CATEGORIES	dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF56FF80-3803-422B-80A0-9844629C810C}\IMPLEMENTED CATEGORIES\{C376DC05-16CC-4498-8BF3-1F0D8FF4013A}\svrid	dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\\{BF56FF80-3803-422B-80A0-9844629C810C}\\IMPLEMENTED CATEGORIES\\{C376DC05-16CC-4498-8BF3-1F0D8FF4013A}	dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF56FF80-3803-422B-80A0-9844629C810C}\IMPLEMENTED CATEGORIES\{C376DC05-16CC-4498-8BF3-1F0D8FF4013A}\uuid = "645fd8dbafc7ac3afe918ed7861f74df"	dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF56FF80-3803-422B-80A0-9844629C810C}\IMPLEMENTED CATEGORIES\{C376DC05-16CC-4498-8BF3-1F0D8FF4013A}	dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4792	dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe

C:\Users\Admin\AppData\Local\Temp\dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe
"C:\Users\Admin\AppData\Local\Temp\dfa00a52c14cfe8bf5ecfe6a6652c79118f0524102e74b99a56d6028fe878fee.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:4792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4792-132-0x0000000000400000-0x0000000000594000-memory.dmp

Filesize
1.6MB

Download
memory/4792-133-0x0000000000400000-0x0000000000594000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads