a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567

Analysis

max time kernel
91s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-11-2022 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Size

676KB
MD5

c8888d92c147e68dbd988f6a0bd99878
SHA1

9487bbdda61e14a84ff805d631bec36a09a972ba
SHA256

a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567
SHA512

12efd3dda4aedf4b98d955c508517353f899cccdb42014358e45bf8e3c97f12d403f12938c0ac79252639a66419555a6b990c8183b776a05e5f655a6a978562c
SSDEEP

12288:PNg6ib1luaZFE8VVPgdSPMxZGQNELNMRUR9Pm598AyMJapLlU9aOHWexcwB4Gi3u:PPib1luaZy8VVPgdSPMxZGQNELNMRUR2

Score

1^/10

Malware Config

Signatures

Modifies registry class 44 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}\1.0\FLAGS\ = "0"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}\1.0\HELPDIR	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\TypeLib	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\TypeLib\Version = "1.0"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}\1.0\ = "VisData Database Utility"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}\ = "VisData Database Utility"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}\VERSION	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\ = "VisDataClass"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}\Programmable	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}\1.0	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}\Implemented Categories	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\ProxyStubClsid	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\Clsid\ = "{E85E0ED1-857D-4FBB-9269-485B50893AB9}"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\TypeLib	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\TypeLib\ = "{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}\LocalServer32	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}\TypeLib\ = "{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\Clsid	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\ = "_VisDataClass"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\ProxyStubClsid32	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\TypeLib\Version = "1.0"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\ = "_VisDataClass"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}\ProgID	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}\TypeLib	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}\VERSION\ = "1.0"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}\1.0\0	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\ProxyStubClsid32	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}\1.0\FLAGS	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E85E0ED1-857D-4FBB-9269-485B50893AB9}\ProgID\ = "VisData.VisDataClass"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\ = "VisData Database Utility"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}\1.0\0\win32	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E023EF5F-C7DB-48AD-9BBB-0240D4528593}\TypeLib\ = "{B2170D85-7BCA-46EB-B3E1-F16B9D4C3262}"	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4952	a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe

C:\Users\Admin\AppData\Local\Temp\a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe
"C:\Users\Admin\AppData\Local\Temp\a2f65ed73f43182e4c58e52701da12699e5b0d3954101a29ae7917e99936d567.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4952

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads