61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e

Analysis

max time kernel
34s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/11/2022, 14:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Size

608KB
MD5

d7a52084ebdae43ac7115a81f7b5e8b3
SHA1

dc005fd7e2e7beac687a2782d730df1f464ee2cc
SHA256

61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e
SHA512

883190d53456cedc0e6bca0caa8782c5a2a260d8015ff100e1631d44c8710ce4169ad81983e664f994a2528daa460c0e896ea5e4e407348febda5cc249b0e25c
SSDEEP

12288:BuVWdOH3HgYvxvl81RMKXJBTlrjVGkkk:v8HgYpl81q

Score

1^/10

Malware Config

Signatures

Modifies registry class 44 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\ProxyStubClsid	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\TypeLib	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}\ = "VisData Database Utility"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}\VERSION	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}\LocalServer32	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}\TypeLib	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\TypeLib	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}\TypeLib\ = "{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}\1.0\ = "VisData Database Utility"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}\1.0\0\win32	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\ProxyStubClsid32	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\TypeLib\ = "{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\ = "VisData Database Utility"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\Clsid	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\ = "VisDataClass"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\ProxyStubClsid32	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}\VERSION\ = "1.0"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\ = "_VisDataClass"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}\ProgID	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}\1.0\FLAGS	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}\1.0\FLAGS\ = "0"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}\1.0\0	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\TypeLib\Version = "1.0"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}\Implemented Categories	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\ = "_VisDataClass"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}\ProgID\ = "VisData.VisDataClass"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\TypeLib\Version = "1.0"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\Clsid\ = "{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}\Programmable	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51022E83-F87B-4C94-BA2E-13E3BAEFEAA2}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}\1.0	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}\1.0\HELPDIR	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\TypeLib\ = "{6A9B9B53-BAD2-414A-97A7-B597C79E4B35}"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E5F3C430-E388-47F6-BEC7-A1D8A47EAC6D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1968	61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe

C:\Users\Admin\AppData\Local\Temp\61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe
"C:\Users\Admin\AppData\Local\Temp\61a390dca6e1d32aec379f10ff75925eee6afacb6af0deaffc81e1322f0cc47e.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1968-56-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads