3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777

Analysis

max time kernel
101s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2022 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Size

420KB
MD5

b79c25501a241b4ccc6f61911734cde5
SHA1

b93a4a73d6cbe03c92ddddabd5b5896af629856f
SHA256

3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777
SHA512

0c33c01cf0f2fdcb434253919eb7b8232d5364470c93cd3407a02311ea8ff0b41e5be3c828649e84505365c4bc39f36219fdce8fc06b0664d4a65adea74acef5
SSDEEP

6144:utKe5fc8MEU1oFAbMgcG+ZCiu4l0SXCYPVp+ab4eI74NR41:+D21oFAwgcG4bdPvNN0

Score

1^/10

Malware Config

Signatures

Modifies registry class 44 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}\1.0\FLAGS\ = "0"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\TypeLib\ = "{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}\ProgID\ = "VisData.VisDataClass"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}\Implemented Categories	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}\Programmable	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}\1.0\FLAGS	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\ProxyStubClsid32	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}\LocalServer32	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}\VERSION\ = "1.0"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\ = "VisData Database Utility"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}\1.0	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\TypeLib	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}\TypeLib	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\Clsid	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\ProxyStubClsid	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}\1.0\HELPDIR	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\ = "_VisDataClass"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}\1.0\ = "VisData Database Utility"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}\1.0\0\win32	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}\ = "VisData Database Utility"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}\ProgID	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass\Clsid\ = "{F4BD97D0-7793-4CF3-AD00-397839B1D567}"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\ = "VisDataClass"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}\1.0\0	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\TypeLib\Version = "1.0"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}\TypeLib\ = "{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\ = "_VisDataClass"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\TypeLib\ = "{C78F7BD6-2CA5-4870-A9A3-EC0A196DB45E}"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\TypeLib\Version = "1.0"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}\VERSION	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\TypeLib	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\ProxyStubClsid32	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4BD97D0-7793-4CF3-AD00-397839B1D567}	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisData.VisDataClass	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{809C65F3-D9D9-4E4F-9C08-DB1C54F0867C}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5012	3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe

C:\Users\Admin\AppData\Local\Temp\3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe
"C:\Users\Admin\AppData\Local\Temp\3b34ca44ca0e9c1848c44cbb5e32c4eb19ca48058dcb4c22621e26e205036777.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5012

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads