a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
28/10/2022, 19:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Size

270KB
MD5

0e7aaa4713ed146784164163c89062c0
SHA1

83b6a0f9e75d2712296695fe390cf0ec97fad664
SHA256

a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3
SHA512

ef65ea4411ac11eb2f9655baba5a53677b28dedc9c02db2c625de5fa6b7f10b209dc4549ade89c73854bd9cee86ff8ae8d5b8a025914fb6b82e00b0dbd54c18f
SSDEEP

6144:bb2BRvEm8iIeqZUKRm1J0XhWqoDTUEaBMio8P:gRvEm8iIeNWiJ0XhWl0EKTP

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}\2.0\0\win32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\ = "IAgentCommandEx"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\0\win32\ = "C:\\Windows\\msagent\\AgtCtl15.tlb"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ProxyStubClsid32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentSpeechInputProperties"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentPropertySheet"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCharacter"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ = "IAgent"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0\FLAGS\ = "0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\ = "IAgentCharacterEx"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}\2.0\0	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentBalloon"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\ = "IAgentCommandWindow"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentUserInput"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0\ = "Microsoft Agent Server Extensions 2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\ProxyStubClsid32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib\ = "{D6589123-FC70-11D0-AC94-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\VersionIndependentProgID	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ = "IAgentNotifySink"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\ProxyStubClsid32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe

C:\Users\Admin\AppData\Local\Temp\a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
"C:\Users\Admin\AppData\Local\Temp\a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe"
1⤵
- Modifies registry class
PID:1536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1536-54-0x0000000001000000-0x0000000001046000-memory.dmp

Filesize
280KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads