4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0

General

Target

4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Size

320KB
MD5

a68f28bc5b7ef2470da93aa0c387fb62
SHA1

9805a0b9f9721a76d3a208948f12542efaadd2d2
SHA256

4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0
SHA512

d1a0eeec6d060858fb2e6a531c4b44ace4929d2aeec6580ae6b3e9089dc893c2d25ea4f0d501fe17137190d64a26f2d0a72a6f4e00fa8cb57280029c239301f6
SSDEEP

6144:jNhtneNlRWpAe/h1rSPYFVqQ+FJyYwQmbX0Evg7Ja6jbNDS:1glc+YXrO7FoImglJa69S

Score

1^/10

Malware Config

Signatures

Modifies registry class 27 IoCs

Processes:

4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\ProgID\ = "Msxml2.MXXMLWriter.6.0"	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}\1.0\0	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}\1.0\ = "WorkspaceBrokerAx 1.0 Type Library"	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}\1.0\FLAGS	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\InProcServer32\ = "C:\\Windows\\SysWOW64\\msxml6.dll"	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}\	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}\1.0\	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\ = "Ikelo Gihergapa Iqijev Class"	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}\1.0\0\win32\ = "%systemroot%\\SysWow64\\wkspbrokerAx.dll"	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}\1.0\FLAGS\	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\Version\	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}\1.0\0\win32	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\TypeLib	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\InProcServer32\	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\ProgID\	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\InProcServer32	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\TypeLib\ = "{FBAE4865-32C2-B93E-77CD-49FC78DB7294}"	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}\1.0	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}\1.0\FLAGS\ = "0"	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\TypeLib\	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}\1.0\0\win32\	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\Version	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\Version\ = "6.0"	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83A01B61-B7D0-4CC2-3596-16065D4A5604}\ProgID	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBAE4865-32C2-B93E-77CD-49FC78DB7294}\1.0\0\	4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe

C:\Users\Admin\AppData\Local\Temp\4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe
"C:\Users\Admin\AppData\Local\Temp\4541e9c844f9ad0615e582bbf6acd0aa47e29e64f414d73207ced7a846034ab0.exe"
1⤵
- Modifies registry class
PID:4324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4324-132-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4324-133-0x0000000002220000-0x0000000002280000-memory.dmp

Filesize
384KB

Download
memory/4324-134-0x00000000022D0000-0x00000000022D5000-memory.dmp

Filesize
20KB

Download
memory/4324-135-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4324-136-0x0000000002220000-0x0000000002280000-memory.dmp

Filesize
384KB

Download
memory/4324-137-0x00000000022D0000-0x00000000022D5000-memory.dmp

Filesize
20KB

Download
memory/4324-138-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads