c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055

Analysis

max time kernel
181s
max time network
231s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Size

48KB
MD5

813a1e32356acb229f8b507142572423
SHA1

354136b8d6eb4bacb53ed9326c4eb502ca481fe7
SHA256

c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055
SHA512

37322e3a5e10f5d821b2199274efd48ab95cb058be6ae050cde6ac00dccb1f17645d2367207e19f1f4a4b3c757cc237e236ffff1c8b0bba0047797e2efd07651
SSDEEP

384:cfUFz7LgXPxm4I41Syqq4BdRXQ/S0gTg7u21sgokawmaLgMj/9JGmr6enqvdRZoi:JjK1sgokZgs/WmVwoGcpdA

Score

1^/10

Malware Config

Signatures

Modifies registry class 14 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ = "Internet Explorer"	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\DefaultIcon	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\Shell\Start	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\Shell\Start\ = "????(&H)"	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\Shell\Start\Command	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\LocalizedString = "Internet Explorer"	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\Shell\Start\Command\ = "\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" http://www.k969.com/"	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder\Attributes = "16"	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\DefaultIcon\ = "C:\\Program Files\\Internet Explorer\\iexplore.exe,-32528"	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\Shell	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4232	c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe

C:\Users\Admin\AppData\Local\Temp\c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe
"C:\Users\Admin\AppData\Local\Temp\c8f6189197812cf568e25b991590d0471feb849a373ded87e127092828696055.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4232

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads