4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52

Analysis

max time kernel
5s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
Size

3.5MB
MD5

fefe43d7c5b08e6238b1ce8211e56c6e
SHA1

b17ad5c5a2c6f1ef5c93c2ef386dd6ecd81236cc
SHA256

4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52
SHA512

3de682b919d23d0448de6a3904d15bc5f1b832054f345d20eaa1d68140f08a6882eced36e53cc9fed9c2db07c19f891b447f73edd87a7b42b35361e890d69ae9
SSDEEP

49152:YHO0+W+Pu6ih3OFPbRSd/7Wi0tL16j9ykFxkh847KqvMkGgZ8/LtYAKJ/HoRGQbh:K+DPUWQ7Wi0e9ykDf8PsY1HvengQ8eZ

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4808-132-0x0000000000400000-0x0000000000AA6000-memory.dmp	upx

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe"	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.DynamicNS\ = "DynamicNS"	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.DynamicNS\Clsid	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.DynamicNS\Clsid\ = "{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}"	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}\ProgID	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}\ProgID\ = "4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.DynamicNS"	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}\ = "DynamicNS"	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}\LocalServer32	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.DynamicNS	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4808	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
4808	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4808	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
4808	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
4808	4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe

C:\Users\Admin\AppData\Local\Temp\4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe
"C:\Users\Admin\AppData\Local\Temp\4bbb96d35ba8ffd77b16a333ecc79164e2f3b420c94fbe1165bde1bf6f899c52.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4808-132-0x0000000000400000-0x0000000000AA6000-memory.dmp

Filesize
6.6MB

Download