608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Size

533KB
MD5

9c0516d47445d439966497a5cb34e508
SHA1

5d672d7c83f389922fb1340db983df9a536df2a1
SHA256

608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066
SHA512

4438df7aafb6139dea7fb53ee8f2994d60dce1000f460032abc93ff09f3682176f73eb1a7e1cdb335eeff3b8deb075a94c3eae4f610b45c7c5e09a47f7e3da9f
SSDEEP

12288:jfKpD/Pj/w4gF3Z4mxxeDqVTVOCZ7oECKx:AcZQmXtVTzlFx

Score

1^/10

Malware Config

Signatures

Modifies registry class 47 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\FLAGS	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\0\win32\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\0\win64	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\TypeLib\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\InprocServer32\ = "C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\pdfprevhndlr.dll"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\0\win64\ = "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscoree.tlb"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\FLAGS\ = "0"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\TypeLib	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\VersionIndependentProgID	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\ProgID\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\FLAGS\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\VersionIndependentProgID\ = "PDFPrevHndlr.PDFPreviewHandler"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\HELPDIR\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\TypeLib\ = "{600D1822-4963-64F6-4600-195B004A859A}"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\InprocServer32	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\0\win32	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\FLAGS	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\HELPDIR	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\0	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\0\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\ProgID\ = "PDFPrevHndlr.PDFPreviewHandler.1"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\0\win64\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\ = "Common Language Runtime Execution Engine 2.4 Library"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\0\win64\ = "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoree.tlb"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\InprocServer32\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\0\win32\ = "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscoree.tlb"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\0\win32\ = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.tlb"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\HELPDIR\ = "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\VersionIndependentProgID\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\ProgID	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\0	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\0\win64	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\0\win32	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\FLAGS\ = "0"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0919BA9-F646-473C-DBB5-7FF48F466EB7}\ = "Eliqi.Najeh.Obajojil Object"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\ = "Common Language Runtime Execution Engine 2.0 Library"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\0\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.0\0\win32\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\0\win64\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{600D1822-4963-64F6-4600-195B004A859A}\2.4\FLAGS\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe

C:\Users\Admin\AppData\Local\Temp\608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
"C:\Users\Admin\AppData\Local\Temp\608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe"
1⤵
- Modifies registry class
PID:1396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1396-54-0x00000000760E1000-0x00000000760E3000-memory.dmp

Filesize
8KB

Download
memory/1396-55-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1396-56-0x0000000000330000-0x0000000000384000-memory.dmp

Filesize
336KB

Download
memory/1396-57-0x0000000003310000-0x0000000003314000-memory.dmp

Filesize
16KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads