f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45

General

Target

f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Size

351KB
MD5

8b4f124967a4a479429b518f5f88c6d8
SHA1

0a956acaa75973389464355f491243a53083902f
SHA256

f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45
SHA512

24754725b72bf6df7b71106db8a2b0c6ffeda1d4758d1ac8bf4af352b55363a319a8ef24c3c1e0cd2e6fec6670571adfdf39641c6b153b9e5b97c2bda5b5ba5f
SSDEEP

6144:8ofL8p8yh2zBoAlsQAwz/82Ev8B/Wn+aCyIK3ccnMxjqLqTaoVv:S2toAlsZ6EvI/OW1K3DnsSqTJVv

Score

1^/10

Malware Config

Signatures

Modifies registry class 36 IoCs

Processes:

f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\9\win32\	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\VersionIndependentProgID	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\InprocServer32	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\ProgID\ = "IMAPI2.MsftStreamZero.1"	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\9\win32\ = "C:\\Windows\\SysWOW64\\msvbvm60.dll\\3"	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\TypeLib\ = "{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}"	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\Version\	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\VersionIndependentProgID\ = "IMAPI2.MsftStreamZero"	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\ = "Visual Basic runtime objects and procedures"	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\Version\ = "1.0"	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\ProgID	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\9	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\9\win32	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\FLAGS\	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\FLAGS\ = "4"	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\TypeLib\	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\InprocServer32\ = "C:\\Windows\\SysWOW64\\imapi2.dll"	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\ProgID\	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\HELPDIR\	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\TypeLib	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\ = "Peviv class"	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\9\	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\VersionIndependentProgID\	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\InprocServer32\	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\FLAGS	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\HELPDIR	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D5D32B6-229C-84B1-7E8E-EB28E6722C21}\6.0\HELPDIR\ = "C:\\Windows\\SysWOW64"	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9204D0A8-62FF-4AC1-86A9-287B5F3404E9}\Version	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe

pid process

456 f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe

pid	process
456	f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe

C:\Users\Admin\AppData\Local\Temp\f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe
"C:\Users\Admin\AppData\Local\Temp\f96b7e492a2653887623c9242c2f96cb434e535618af3bded7fe75058a5f4a45.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/456-132-0x0000000000400000-0x0000000000633000-memory.dmp

Filesize
2.2MB

Download
memory/456-133-0x0000000000400000-0x0000000000633000-memory.dmp

Filesize
2.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads