f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1

Analysis

max time kernel
186s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Size

388KB
MD5

1580a09298c2099a84a8c2d8e598a49a
SHA1

7f65044111eccd3393ce2eaf8eee13c124a61b59
SHA256

f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1
SHA512

f24d72af47f5f088eba9d05b1dfb9e6f9eeb6a860a5be294b692573d64534a25ebab94744f270e1c17c5453893ba12864a34938b6844c540f9088955075f40cf
SSDEEP

6144:SDWdai4+TGfmKU6lFZmrKRFzK1os/b5N1evgxZSwit3o/:IBVRUWF2IFzXsFN

Score

1^/10

Malware Config

Signatures

Modifies registry class 24 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\open\ddeexec	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\open	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\ = "??????"	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\print\ddeexec\ = "[print(\"%1\")]"	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\printto\ddeexec\ = "[printto(\"%1\",\"%2\",\"%3\",\"%4\")]"	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\open\command	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\F40606~1.EXE /dde"	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dhg\ShellNew\NullFile	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dhg	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dhg\ = "DH.Document"	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\DefaultIcon	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\print\command	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\print\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\F40606~1.EXE /dde"	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\printto\command	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\printto\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\F40606~1.EXE /dde"	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dhg\ShellNew	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\F40606~1.EXE,1"	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\open\ddeexec\ = "[open(\"%1\")]"	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\print\ddeexec	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\print	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\printto\ddeexec	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DH.Document\shell\printto	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3548	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3548	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
3548	f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe

C:\Users\Admin\AppData\Local\Temp\f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe
"C:\Users\Admin\AppData\Local\Temp\f4060647e5d7bc7dd7e2c1a3e746f2af7c8ce47ac07225a6988f0a449fd526f1.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3548-132-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/3548-133-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads