fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Size

4.1MB
MD5

e832768205e42b11656c5edfc5fa23be
SHA1

a946b430837e10a68fbffe6f6c241a63d24b85cf
SHA256

fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20
SHA512

86573254273521207feff42aefab136585d7c6737a622d39202d3e542ee9ee7c81357afae7071ea61526c9d93e7d0f86944c02bfc57296ff87ad9cd2d15df5e4
SSDEEP

49152:8qt2nRkwSvUAbs5kcRan4uwtEF599WzQ1HLEg8Gq/A2qXrxWME9SGhs:RtakpUAebanNfWz0LEjGSA2srPYJh

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl09\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl25\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\HLSW Server List\EditFlags = "65536"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl00	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl00\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl01\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl23\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl24\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HLSW Server List\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe,0"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HLSW Server List\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe \"-PATH:C:\\Users\\Admin\\AppData\\Local\\Temp\\\" \"-SL:%1\""	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hlsw\DefaultIcon	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl09	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl14\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl16	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl24	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HLSW Server List\DefaultIcon	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hlsw	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hlsw\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe,0"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl08	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl10\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl25	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hlsw\ = "URL: HLSW Protocol"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hlsw\URL Protocol	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hlsw\shell\open\command	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl05	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl16\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl26\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HLSW Server List\shell	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hlsw\shell	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl02	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl08\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl11	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl20\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hlsw\shell\open	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl03	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl07	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl10	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl13\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl20	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl26	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl04\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl07\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl12\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl13	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl19\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sslf\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HLSW Server List\shell\open	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl01	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl05\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl14	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl17\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl19	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl06\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl21\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl22\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sslf	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HLSW Server List	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl03\ = "HLSW Server List"	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl17	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl18	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl27	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl04	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl06	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sl15	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1696	fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe

C:\Users\Admin\AppData\Local\Temp\fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe
"C:\Users\Admin\AppData\Local\Temp\fb02573db26973e3be1dbdb5abef0844a6491efaad5085d5b5dcbc55c4e49c20.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1696-54-0x00000000766D1000-0x00000000766D3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads