7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01-11-2022 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Size

888KB
MD5

4fb9aa8e8ad1982d4ced59d8e98e635c
SHA1

6fa8c7076f7223df419885397d8d7a727f6d2230
SHA256

7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6
SHA512

25c50253650668ca516a4e4d68c69a362c9f821179840847abec832117a05d8e0d36f2a6ee4dc0b87e91d7c1eee1fcf8d63d315f62bbf4fbb82aff73dbaefa12
SSDEEP

24576:9bJxf76Q/+xI6oCVaPbs9iEYnVZHajuQvZqeLYVQ6qrtei55kH79BafbcNX:F98yVZ6jtvoeLQQ6qr955g

Score

1^/10

Malware Config

Signatures

Modifies registry class 44 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}\VERSION	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\TypeLib\Version = "1.0"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\TypeLib\Version = "1.0"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}\TypeLib\ = "{2145D673-E73A-4A0B-AF6C-D549CA6710B0}"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}\Implemented Categories	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\ = "_VisDataClass"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\ = "_VisDataClass"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{2145D673-E73A-4A0B-AF6C-D549CA6710B0}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\ProxyStubClsid32	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}\ProgID\ = "VisData.VisDataClass"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\Clsid\ = "{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{2145D673-E73A-4A0B-AF6C-D549CA6710B0}\1.0\0\win32	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{2145D673-E73A-4A0B-AF6C-D549CA6710B0}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\TypeLib\ = "{2145D673-E73A-4A0B-AF6C-D549CA6710B0}"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}\TypeLib	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{2145D673-E73A-4A0B-AF6C-D549CA6710B0}\1.0	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{2145D673-E73A-4A0B-AF6C-D549CA6710B0}\1.0\ = "VisData Database Utility"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}\ProgID	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}\VERSION\ = "1.0"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\ = "VisDataClass"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{2145D673-E73A-4A0B-AF6C-D549CA6710B0}\1.0\HELPDIR	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\TypeLib\ = "{2145D673-E73A-4A0B-AF6C-D549CA6710B0}"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}\ = "VisData Database Utility"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{2145D673-E73A-4A0B-AF6C-D549CA6710B0}	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\TypeLib	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\TypeLib	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\ = "VisData Database Utility"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\Clsid	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{2145D673-E73A-4A0B-AF6C-D549CA6710B0}\1.0\FLAGS	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{2145D673-E73A-4A0B-AF6C-D549CA6710B0}\1.0\0	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\ProxyStubClsid32	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}\LocalServer32	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}\ProxyStubClsid	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA49F19F-C841-4D6D-9F47-95367CCC5EDB}\Programmable	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{2145D673-E73A-4A0B-AF6C-D549CA6710B0}\1.0\FLAGS\ = "0"	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D420924F-9E9B-4583-BD06-265E7945D9C2}	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1416	7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe

C:\Users\Admin\AppData\Local\Temp\7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe
"C:\Users\Admin\AppData\Local\Temp\7130cf51fa3bf718e7b5d6079ce5ae6fdc27461291fdac18a43d147bf0f0a1c6.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1416-56-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads