6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/11/2022, 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Size

1.9MB
MD5

4373955bab67d143712e1e1e115cabfb
SHA1

a841a192e9c8831eb9cea030a37b8e851a59b7b1
SHA256

6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7
SHA512

e9da286928095c6d00bd92e1968aae5aac5462c7ba9a59b9e272839004c9137431903deb0db72482986b124e4f09303f88c24eb5c9d5896e4f8bc628345c1e54
SSDEEP

49152:+7fzj9bvuoUBpCrKHHv8qe6xAtKe9c2duUdH/cNtp:+bFbvuoUBEKnv8t6xAtKe9c5UdH+

Score

1^/10

Malware Config

Signatures

Modifies registry class 18 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\shell\printto\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6D896D~1.EXE /pt \"%1\" \"%2\" \"%3\" \"%4\""	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mgd\ShellNew	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\DefaultIcon	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\shell	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\shell\print	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\shell\printto\command	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\shell\open\command	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\shell\printto	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\shell\open	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\shell\print\command	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mgd\ = "mgd"	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mgd	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mgd\ShellNew\NullFile	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\ = "Megadi Document"	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6D896D~1.EXE,1"	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6D896D~1.EXE \"%1\""	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mgd\shell\print\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6D896D~1.EXE /p \"%1\""	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1384	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
1384	6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe

C:\Users\Admin\AppData\Local\Temp\6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe
"C:\Users\Admin\AppData\Local\Temp\6d896dd7718d6a967dd3a6302cdd33ecee56884372d9472e080eaed0877444f7.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1384-54-0x0000000076701000-0x0000000076703000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads