Analysis
-
max time kernel
37s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system -
submitted
01-11-2022 14:00
Static task
static1
Behavioral task
behavioral1
Sample
dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe
Resource
win10v2004-20220812-en
General
-
Target
dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe
-
Size
696KB
-
MD5
1211fdb87de0265193196ccbd50c1e15
-
SHA1
b76f40312ea50bf2a2133dbb3916dc952766efe8
-
SHA256
dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229
-
SHA512
339f49c35440b8d5f0ac0bdcfc587031d445b5ba6df4994d414511ad6c2d22bbe169d9fb06565b40ff14e11dda0a0497bbc5b7b27eddec05f3b1e4e509cbf015
-
SSDEEP
12288:Ap1H0f+9DMm3Sug1tZNo3XYrMazuL1l5lRtQ/i/Me5lqnz6dfDNgJeGLPet9rwzP:AXUf+9R3IjdSu
Malware Config
Signatures
-
Modifies registry class (44 IoCs)
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\TypeLib dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}\LocalServer32 dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}\TypeLib\ = "{6E2CCE63-5E96-4253-A191-AE411456931B}" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\Clsid\ = "{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}\Implemented Categories dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6E2CCE63-5E96-4253-A191-AE411456931B}\1.0\ = "VisData Database Utility" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\ProxyStubClsid32 dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}\VERSION\ = "1.0" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6E2CCE63-5E96-4253-A191-AE411456931B} 
dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}\TypeLib dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\ = "_VisDataClass" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9} dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\ = "_VisDataClass" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\TypeLib dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}\ = "VisData Database Utility" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\ProxyStubClsid dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6E2CCE63-5E96-4253-A191-AE411456931B}\1.0\0\win32 dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6E2CCE63-5E96-4253-A191-AE411456931B}\1.0\HELPDIR dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}\Programmable dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\Clsid 
dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\ = "VisDataClass" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9} dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\ = "VisData Database Utility" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6E2CCE63-5E96-4253-A191-AE411456931B}\1.0\FLAGS\ = "0" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6E2CCE63-5E96-4253-A191-AE411456931B}\1.0\0 dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6E2CCE63-5E96-4253-A191-AE411456931B}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\TypeLib\ = "{6E2CCE63-5E96-4253-A191-AE411456931B}" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\TypeLib\Version = "1.0" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\TypeLib\Version = "1.0" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6E2CCE63-5E96-4253-A191-AE411456931B}\1.0 dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key 
created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6E2CCE63-5E96-4253-A191-AE411456931B}\1.0\FLAGS dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}\VERSION dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22} dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\ProxyStubClsid32 dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}\ProgID dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{6E2CCE63-5E96-4253-A191-AE411456931B}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\ProxyStubClsid32\ = 
"{00020424-0000-0000-C000-000000000046}" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3979FAE0-B1CC-49B4-B76C-2BC13AE5A0C9}\TypeLib\ = "{6E2CCE63-5E96-4253-A191-AE411456931B}" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CAC25D3-39E4-4B95-ADA9-DD4B10735F22}\ProgID\ = "VisData.VisDataClass" dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe -
Suspicious use of SetWindowsHookEx (1 IoC)
pid: 1500 — Process: dc2253c988c077fde41d57202b899d23bad53054f474184eddbec5a3f0fdf229.exe