dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Size

1.9MB
MD5

57b943867655e8d43ade623b22e81067
SHA1

12d24ee08d32fa151eee8f7265e9dff7cfe343d0
SHA256

dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7
SHA512

8841f50071cf8ef5bb33ec5fbb19a8a811d3a352f1d181bec2969e30a69a70bc91d8b23be4d014cabd9775e7f9921e4a3a564d29f817a717dd35ad4b13a87993
SSDEEP

24576:ivbpk/aFtCW/pk/+KiI3Om8EJZOm8EJ6WrWgVFrmOl+E72y/5LIinbG:izpvpNKiuOJ8ZOJ86C3F6Ol+i/

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 20 IoCs

pid	Process
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\MSCOMM32.OCX	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
File opened for modification	C:\Windows\SysWOW64\COMCTL32.OCX	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
File opened for modification	C:\Windows\SysWOW64\CH341PT.DLL	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
File opened for modification	C:\Windows\SysWOW64\COMDLG32.OCX	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
File opened for modification	C:\Windows\SysWOW64\ctslide.ocx	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
File opened for modification	C:\Windows\SysWOW64\ImageX.OCX	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
File opened for modification	C:\Windows\SysWOW64\hmButton.OCX	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSCOMMLib.MSComm\CLSID\ = "{648A5600-2C6E-101B-82B6-000000000014}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E90-DF38-11CF-8E74-00A0C90F26F8}\ = "IMSComm"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D6E41C4-9A25-4C02-AE41-B87F6C1805FA}\ = "ICrossComm"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0FC8A81-2CB2-101B-82B6-000000000014}\InprocServer32\ = "C:\\Windows\\SysWow64\\MSCOMM32.OCX"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E90-DF38-11CF-8E74-00A0C90F26F8}\TypeLib	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4565341-B998-4E76-AC5D-65614FCC791E}\TypeLib	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\FLAGS	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32\ = "C:\\Windows\\SysWow64\\comctl32.ocx"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E0DC8C80-3486-101B-82B6-000000000014}	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D6E41C4-9A25-4C02-AE41-B87F6C1805FA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{648A5604-2C6E-101B-82B6-000000000014}\InprocServer32	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DAEAB91F-BFC7-11D4-A85D-0080C8DFC881}\3.0\HELPDIR	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAEAB922-BFC7-11D4-A85D-0080C8DFC881}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ctSLIDE.ctSlideCtrl.3\CLSID\ = "{DAEAB922-BFC7-11D4-A85D-0080C8DFC881}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{113FF3A0-5FCF-48FC-BFC4-5999A87A7092}\TypeLib\ = "{ACD4732E-2B7C-40C1-A56B-078848D41977}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\MiscStatus	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{648A5602-2C6E-101B-82B6-000000000014}	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4FAF51C8-7B62-443E-A971-1BEFDC6FA59C}\TypeLib\ = "{F6B9D3BC-3953-4A68-AD1A-BD05206D76A9}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACD4732E-2B7C-40C1-A56B-078848D41977}\1.0\ = "ImageX"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8CC6B714-AAE4-4238-B383-1005103F855D}\ProxyStubClsid	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACD4732E-2B7C-40C1-A56B-078848D41977}	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D6E41C4-9A25-4C02-AE41-B87F6C1805FA}\TypeLib\ = "{ACD4732E-2B7C-40C1-A56B-078848D41977}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{648A5603-2C6E-101B-82B6-000000000014}\1.1\0\win32\ = "C:\\Windows\\SysWow64\\MSCOMM32.OCX"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B820DE60-2510-11CF-9DFE-9C7D37B2C919}\ = "ctSlide Property Page"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4FAF51C8-7B62-443E-A971-1BEFDC6FA59C}	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C8959DE-4076-4CF9-AAF3-2500EA8B701F}\MiscStatus	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{648A5603-2C6E-101B-82B6-000000000014}\1.1\FLAGS	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAEAB920-BFC7-11D4-A85D-0080C8DFC881}\TypeLib\ = "{DAEAB91F-BFC7-11D4-A85D-0080C8DFC881}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAEAB921-BFC7-11D4-A85D-0080C8DFC881}\TypeLib\Version = "3.0"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78C9C0C0-2762-11CF-9DFE-9C7D37B2C919}\InprocServer32	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSCOMMLib.MSComm.1\CLSID\ = "{648A5600-2C6E-101B-82B6-000000000014}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{648A5602-2C6E-101B-82B6-000000000014}\ProxyStubClsid32	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAEAB922-BFC7-11D4-A85D-0080C8DFC881}\ToolboxBitmap32	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C8959DE-4076-4CF9-AAF3-2500EA8B701F}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{113FF3A0-5FCF-48FC-BFC4-5999A87A7092}\ = "_aicAlphaImage"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ImageX.aicAlphaImage\Clsid\ = "{09AEDAC3-396D-4BE7-A2D0-6D540964E651}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ = "Microsoft Common Dialog Control, version 6.0 (SP6)"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\MSCOMM32.OCX, 1"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E90-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.1"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{648A5602-2C6E-101B-82B6-000000000014}\TypeLib\ = "{648A5603-2C6E-101B-82B6-000000000014}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACD4732E-2B7C-40C1-A56B-078848D41977}\1.0\HELPDIR	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{113FF3A0-5FCF-48FC-BFC4-5999A87A7092}\ProxyStubClsid32	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4565341-B998-4E76-AC5D-65614FCC791E}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1\ = "Microsoft Common Dialog Control, version 6.0 (SP6)"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ = "ICommonDialogEvents"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8CC6B714-AAE4-4238-B383-1005103F855D}\TypeLib\Version = "1.0"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4565341-B998-4E76-AC5D-65614FCC791E}\VERSION\ = "1.0"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1\CLSID\ = "{F9043C85-F6F2-101A-A3C9-08002B2F49FB}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\ = "Microsoft Communications Control, version 6.0"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAEAB921-BFC7-11D4-A85D-0080C8DFC881}\ = "_DctSlideEvents"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ctSLIDE.ctSlideCtrl.3\ = "ctSlide Control 3.0"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ImageX.ICrossComm\Clsid\ = "{B4565341-B998-4E76-AC5D-65614FCC791E}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\Version = "1.2"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CC6B714-AAE4-4238-B383-1005103F855D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\InprocServer32	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSCOMMLib.MSComm	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\VersionIndependentProgID	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DAEAB922-BFC7-11D4-A85D-0080C8DFC881}\InprocServer32\ThreadingModel = "Apartment"	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
1960	dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe

C:\Users\Admin\AppData\Local\Temp\dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe
"C:\Users\Admin\AppData\Local\Temp\dbe4e63b667b70c16c66a55d0742fafafb1570aa23530f6f8b3077fd96fb18a7.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\COMCTL32.OCX

Filesize
149KB

MD5
ab412429f1e5fb9708a8cdea07479099

SHA1
eb49323be4384a0e7e36053f186b305636e82887

SHA256
e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

SHA512
f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

Download Submit
\Windows\SysWOW64\COMCTL32.OCX

Filesize
149KB

MD5
ab412429f1e5fb9708a8cdea07479099

SHA1
eb49323be4384a0e7e36053f186b305636e82887

SHA256
e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

SHA512
f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

Download Submit
\Windows\SysWOW64\COMCTL32.OCX

Filesize
149KB

MD5
ab412429f1e5fb9708a8cdea07479099

SHA1
eb49323be4384a0e7e36053f186b305636e82887

SHA256
e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

SHA512
f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

Download Submit
\Windows\SysWOW64\COMCTL32.OCX

Filesize
149KB

MD5
ab412429f1e5fb9708a8cdea07479099

SHA1
eb49323be4384a0e7e36053f186b305636e82887

SHA256
e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

SHA512
f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

Download Submit
\Windows\SysWOW64\ImageX.OCX

Filesize
460KB

MD5
4f7dd5df977d380f85d012c1c4abb4d4

SHA1
444016df4a728ca6c61dacd71c694e95fedfa1e3

SHA256
8ffa43ac8966735c4ccf2714a14cedccb366223116ab74de213166c6d9ae910f

SHA512
f13f647b4f373cf8ab7671d746bb804add09c4920faacbca64fc95c70e0fd40e99bd5d506e40b3d7540380b71bd25a28989243d062eeb8b4e9205748f8252fa7

Download Submit
\Windows\SysWOW64\ImageX.OCX

Filesize
460KB

MD5
4f7dd5df977d380f85d012c1c4abb4d4

SHA1
444016df4a728ca6c61dacd71c694e95fedfa1e3

SHA256
8ffa43ac8966735c4ccf2714a14cedccb366223116ab74de213166c6d9ae910f

SHA512
f13f647b4f373cf8ab7671d746bb804add09c4920faacbca64fc95c70e0fd40e99bd5d506e40b3d7540380b71bd25a28989243d062eeb8b4e9205748f8252fa7

Download Submit
\Windows\SysWOW64\ImageX.OCX

Filesize
460KB

MD5
4f7dd5df977d380f85d012c1c4abb4d4

SHA1
444016df4a728ca6c61dacd71c694e95fedfa1e3

SHA256
8ffa43ac8966735c4ccf2714a14cedccb366223116ab74de213166c6d9ae910f

SHA512
f13f647b4f373cf8ab7671d746bb804add09c4920faacbca64fc95c70e0fd40e99bd5d506e40b3d7540380b71bd25a28989243d062eeb8b4e9205748f8252fa7

Download Submit
\Windows\SysWOW64\ImageX.OCX

Filesize
460KB

MD5
4f7dd5df977d380f85d012c1c4abb4d4

SHA1
444016df4a728ca6c61dacd71c694e95fedfa1e3

SHA256
8ffa43ac8966735c4ccf2714a14cedccb366223116ab74de213166c6d9ae910f

SHA512
f13f647b4f373cf8ab7671d746bb804add09c4920faacbca64fc95c70e0fd40e99bd5d506e40b3d7540380b71bd25a28989243d062eeb8b4e9205748f8252fa7

Download Submit
\Windows\SysWOW64\MSCOMM32.OCX

Filesize
101KB

MD5
2c6119da3993f410e74b15112f840cb0

SHA1
9d7aaffc0bcf955cc75d4ecc228b1ceda8a1856c

SHA256
51a1d6812e445c26c71465e2709e6d1ad587f8513002d662cd160f424f48b37c

SHA512
053ece4eb2ddba51c0d683a7afd439ed88605ab83619de738f7ad2495bfe9e9f16fc3b829c7fc9c779b50f039b9fad66d16aed520a5adfd1522a711073f78208

Download Submit
\Windows\SysWOW64\MSCOMM32.OCX

Filesize
101KB

MD5
2c6119da3993f410e74b15112f840cb0

SHA1
9d7aaffc0bcf955cc75d4ecc228b1ceda8a1856c

SHA256
51a1d6812e445c26c71465e2709e6d1ad587f8513002d662cd160f424f48b37c

SHA512
053ece4eb2ddba51c0d683a7afd439ed88605ab83619de738f7ad2495bfe9e9f16fc3b829c7fc9c779b50f039b9fad66d16aed520a5adfd1522a711073f78208

Download Submit
\Windows\SysWOW64\MSCOMM32.OCX

Filesize
101KB

MD5
2c6119da3993f410e74b15112f840cb0

SHA1
9d7aaffc0bcf955cc75d4ecc228b1ceda8a1856c

SHA256
51a1d6812e445c26c71465e2709e6d1ad587f8513002d662cd160f424f48b37c

SHA512
053ece4eb2ddba51c0d683a7afd439ed88605ab83619de738f7ad2495bfe9e9f16fc3b829c7fc9c779b50f039b9fad66d16aed520a5adfd1522a711073f78208

Download Submit
\Windows\SysWOW64\MSCOMM32.OCX

Filesize
101KB

MD5
2c6119da3993f410e74b15112f840cb0

SHA1
9d7aaffc0bcf955cc75d4ecc228b1ceda8a1856c

SHA256
51a1d6812e445c26c71465e2709e6d1ad587f8513002d662cd160f424f48b37c

SHA512
053ece4eb2ddba51c0d683a7afd439ed88605ab83619de738f7ad2495bfe9e9f16fc3b829c7fc9c779b50f039b9fad66d16aed520a5adfd1522a711073f78208

Download Submit
\Windows\SysWOW64\ctslide.ocx

Filesize
92KB

MD5
2edcf32956125da10841c6ffa83ad864

SHA1
aa19d236fe4e95edf5dde3a2eb541c89be47fc0f

SHA256
f725c9bcf33e109930b1625b170b1332f9252fd7e60129b8126f5d0d3c175e79

SHA512
96de9ccdbb685abceb4b6ac2a6aeed102f357ebbbc32ab81839e3bc2ae9f46db0dd6f7870b328e7899cd94d8003c0f5e5531f0e31e4d5ac113055824b9ad3f6a

Download Submit
\Windows\SysWOW64\ctslide.ocx

Filesize
92KB

MD5
2edcf32956125da10841c6ffa83ad864

SHA1
aa19d236fe4e95edf5dde3a2eb541c89be47fc0f

SHA256
f725c9bcf33e109930b1625b170b1332f9252fd7e60129b8126f5d0d3c175e79

SHA512
96de9ccdbb685abceb4b6ac2a6aeed102f357ebbbc32ab81839e3bc2ae9f46db0dd6f7870b328e7899cd94d8003c0f5e5531f0e31e4d5ac113055824b9ad3f6a

Download Submit
\Windows\SysWOW64\ctslide.ocx

Filesize
92KB

MD5
2edcf32956125da10841c6ffa83ad864

SHA1
aa19d236fe4e95edf5dde3a2eb541c89be47fc0f

SHA256
f725c9bcf33e109930b1625b170b1332f9252fd7e60129b8126f5d0d3c175e79

SHA512
96de9ccdbb685abceb4b6ac2a6aeed102f357ebbbc32ab81839e3bc2ae9f46db0dd6f7870b328e7899cd94d8003c0f5e5531f0e31e4d5ac113055824b9ad3f6a

Download Submit
\Windows\SysWOW64\ctslide.ocx

Filesize
92KB

MD5
2edcf32956125da10841c6ffa83ad864

SHA1
aa19d236fe4e95edf5dde3a2eb541c89be47fc0f

SHA256
f725c9bcf33e109930b1625b170b1332f9252fd7e60129b8126f5d0d3c175e79

SHA512
96de9ccdbb685abceb4b6ac2a6aeed102f357ebbbc32ab81839e3bc2ae9f46db0dd6f7870b328e7899cd94d8003c0f5e5531f0e31e4d5ac113055824b9ad3f6a

Download Submit
\Windows\SysWOW64\hmButton.OCX

Filesize
136KB

MD5
3d603fbc9d773fa7085dc0c097cf674a

SHA1
adb7f22f9f5b4fbdfa5ada12333a1b55a8300785

SHA256
407e809f3c9586368776231f8faebc128b41c576f53253405ce136090434859d

SHA512
ab93cf25caea3b1ce1a775c21fdf4cb229b365b951c16f771369a3e225f6a26854b4a227f6ac70d1b70809955736bede4e9f7e466130868adc08e19590179ccb

Download Submit
\Windows\SysWOW64\hmButton.OCX

Filesize
136KB

MD5
3d603fbc9d773fa7085dc0c097cf674a

SHA1
adb7f22f9f5b4fbdfa5ada12333a1b55a8300785

SHA256
407e809f3c9586368776231f8faebc128b41c576f53253405ce136090434859d

SHA512
ab93cf25caea3b1ce1a775c21fdf4cb229b365b951c16f771369a3e225f6a26854b4a227f6ac70d1b70809955736bede4e9f7e466130868adc08e19590179ccb

Download Submit
\Windows\SysWOW64\hmButton.OCX

Filesize
136KB

MD5
3d603fbc9d773fa7085dc0c097cf674a

SHA1
adb7f22f9f5b4fbdfa5ada12333a1b55a8300785

SHA256
407e809f3c9586368776231f8faebc128b41c576f53253405ce136090434859d

SHA512
ab93cf25caea3b1ce1a775c21fdf4cb229b365b951c16f771369a3e225f6a26854b4a227f6ac70d1b70809955736bede4e9f7e466130868adc08e19590179ccb

Download Submit
\Windows\SysWOW64\hmButton.OCX

Filesize
136KB

MD5
3d603fbc9d773fa7085dc0c097cf674a

SHA1
adb7f22f9f5b4fbdfa5ada12333a1b55a8300785

SHA256
407e809f3c9586368776231f8faebc128b41c576f53253405ce136090434859d

SHA512
ab93cf25caea3b1ce1a775c21fdf4cb229b365b951c16f771369a3e225f6a26854b4a227f6ac70d1b70809955736bede4e9f7e466130868adc08e19590179ccb

Download Submit
memory/1960-78-0x0000000002D00000-0x0000000002D75000-memory.dmp

Filesize
468KB

Download
memory/1960-59-0x00000000751A1000-0x00000000751A3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads