608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Size

533KB
MD5

9c0516d47445d439966497a5cb34e508
SHA1

5d672d7c83f389922fb1340db983df9a536df2a1
SHA256

608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066
SHA512

4438df7aafb6139dea7fb53ee8f2994d60dce1000f460032abc93ff09f3682176f73eb1a7e1cdb335eeff3b8deb075a94c3eae4f610b45c7c5e09a47f7e3da9f
SSDEEP

12288:jfKpD/Pj/w4gF3Z4mxxeDqVTVOCZ7oECKx:AcZQmXtVTzlFx

Score

1^/10

Malware Config

Signatures

Modifies registry class 27 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\InprocServer32\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}\1.0\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}\1.0\0	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\VersionIndependentProgID\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\ = "Nixezeti object"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\ProgID\ = "IMEAPI.CImeRequestSenderJK.15"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}\1.0\0\win32	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}\1.0\FLAGS	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}\1.0\FLAGS\ = "0"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}\1.0\0\win32\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\VersionIndependentProgID	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\InprocServer32	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}\1.0\ = "cttunesvr 1.0 Type Library"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\InprocServer32\ = "C:\\Windows\\SysWOW64\\IME\\shared\\imjkapi.dll"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\TypeLib	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\TypeLib\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}\1.0	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\VersionIndependentProgID\ = "IMEAPI.CImeRequestSenderJK"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\ProgID	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\ProgID\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}\1.0\0\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}\1.0\0\win32\ = "%SystemRoot%\\SysWow64\\cttunesvr.exe"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDC25209-679E-997B-F3AD-F2B702ACC9C4}\1.0\FLAGS\	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA306B5F-AF17-42D0-BD91-753153B48A10}\TypeLib\ = "{FDC25209-679E-997B-F3AD-F2B702ACC9C4}"	608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe

C:\Users\Admin\AppData\Local\Temp\608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe
"C:\Users\Admin\AppData\Local\Temp\608b10676d76fd847d1ed40d91d99e3fb1ac41e65882b190b03c66be3833b066.exe"
1⤵
- Modifies registry class
PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4920-132-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/4920-133-0x00000000022D0000-0x0000000002324000-memory.dmp

Filesize
336KB

Download
memory/4920-134-0x0000000003460000-0x0000000003464000-memory.dmp

Filesize
16KB

Download
memory/4920-135-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/4920-136-0x00000000022D0000-0x0000000002324000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads