04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Size

1.6MB
MD5

fcd973916c15876e710d2d9ec8fb33e0
SHA1

063d54c3162a1c1c763f9ef1588562ef320734a1
SHA256

04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df
SHA512

eb692b6069675d2f419646608cddd8b1f5f09311be8b1eaad12425bf1c7a870891782153148a8fc231a147fc73ad12f58e60c72905c05f2b9aa0a50881cd02ed
SSDEEP

24576:EeI3gKygtkgcPsl92t+rx8RLDhLsT3UAubB0w3s9u5mY:CNOwk+Tdy0/jY

Score

1^/10

Malware Config

Signatures

Modifies registry class 22 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\printto\ddeexec\ = "[printto(\"%1\",\"%2\",\"%3\",\"%4\")]"	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\print\command	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\print\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\04D032~1.EXE /dde"	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\ = "PDFEdit ??"	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\DefaultIcon	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\04D032~1.EXE,1"	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\open\ddeexec	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\open	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\print\ddeexec	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\printto\ddeexec	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\open\command	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\04D032~1.EXE /dde"	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\printto\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\04D032~1.EXE /dde"	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\04D032~1.EXE,3"	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\open\ddeexec\ = "[open(\"%1\")]"	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\print\ddeexec\ = "[print(\"%1\")]"	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\printto\command	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\print	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\shell\printto	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFEdit.Document\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\04D032~1.EXE,2"	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
960	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
960	04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe

C:\Users\Admin\AppData\Local\Temp\04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe
"C:\Users\Admin\AppData\Local\Temp\04d032eb17a213901a846d1c2544688762f48bb03ad28b67084c565c1b4803df.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-54-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download
memory/960-55-0x0000000000400000-0x000000000059D000-memory.dmp

Filesize
1.6MB

Download
memory/960-56-0x0000000002ED0000-0x000000000306D000-memory.dmp

Filesize
1.6MB

Download
memory/960-57-0x0000000000400000-0x000000000059D000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads