8dc5b58d080033fde2287cfa2a747e3f260f202ee53f5ceead83a81fdee57f7b

Analysis

max time kernel
90s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 07:29

Target

8dc5b58d080033fde2287cfa2a747e3f260f202ee53f5ceead83a81fdee57f7b.exe
Size

642KB
MD5

809ab4331cb1537fe285455673af1770
SHA1

9e37e26b151209296e63be31c2e224935d783a3d
SHA256

8dc5b58d080033fde2287cfa2a747e3f260f202ee53f5ceead83a81fdee57f7b
SHA512

2baa5b9551f13d6e6299ca1b2b2d53d56dbcaa2044df847e0eab9ddc87f294d68328edd1aeb0fc9ba4fe8cde12c2a903895e94fd58d7291fe84bbc7c65d1f5ea
SSDEEP

12288:6EEbc493S64S3hKGIKmBuBlLEBNre5mw4C3bVizWdH10uUXW4NW7+p:6EEbcS3x3hjuTBNap42izW1vUXW4NW7a

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1400	8dc5b58d080033fde2287cfa2a747e3f260f202ee53f5ceead83a81fdee57f7b.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4960	1400	WerFault.exe	83

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD1DE7DC-3AC1-13D1-B2E4-0060975B8649}	8dc5b58d080033fde2287cfa2a747e3f260f202ee53f5ceead83a81fdee57f7b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD1DE7DC-3AC1-13D1-B2E4-0060975B8649}\0 = 709cd5e4d3748e1823a86dec90b4450ec05934ffd8a0ba	8dc5b58d080033fde2287cfa2a747e3f260f202ee53f5ceead83a81fdee57f7b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD1DE7DC-3AC1-13D1-B2E4-0060975B8649}\Version	8dc5b58d080033fde2287cfa2a747e3f260f202ee53f5ceead83a81fdee57f7b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD1DE7DC-3AC1-13D1-B2E4-0060975B8649}\Version\ = "1.0"	8dc5b58d080033fde2287cfa2a747e3f260f202ee53f5ceead83a81fdee57f7b.exe

C:\Users\Admin\AppData\Local\Temp\8dc5b58d080033fde2287cfa2a747e3f260f202ee53f5ceead83a81fdee57f7b.exe
"C:\Users\Admin\AppData\Local\Temp\8dc5b58d080033fde2287cfa2a747e3f260f202ee53f5ceead83a81fdee57f7b.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
PID:1400
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 632
  2⤵
  - Program crash
  PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 1400 -ip 1400
1⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\ArmCE41.tmp

Filesize
120KB

MD5
165161b7383efda968d57178bd6d7635

SHA1
caf56fb0aeacec26836a9e23972bf31cf801990d

SHA256
3d6aa366f87db6044f6fb07c3d9617bf3b2fa653bbd48d3d86b793c9ef25fd0b

SHA512
93f702252f5a069ba34f98e96658d8ea4716e796991d62d42a41475b91b37fe81c9b21ac2b226cb4eab6d96ac68f744c86eae3601179ad9169b3660f9b266c14

Download Submit