Analysis
  max time kernel:  2s
  max time network: 34s
  platform:         windows7_x64
  resource:         win7-20221111-en
  resource tags:    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  submitted:        05/12/2022, 07:41
Behavioral task: behavioral1
  Sample:   16e5a288fc645ca54a364d9818207e83c7a827759e8ffb580ada40e94ae60493.exe
  Resource: win7-20221111-en
  3 signatures, 150 seconds

Behavioral task: behavioral2
  Sample:   16e5a288fc645ca54a364d9818207e83c7a827759e8ffb580ada40e94ae60493.exe
  Resource: win10v2004-20221111-en
  3 signatures, 150 seconds
General
  Target: 16e5a288fc645ca54a364d9818207e83c7a827759e8ffb580ada40e94ae60493.exe
  Size:   808KB
  MD5:    e9a0094e23c3e63970812ca5506b895e
  SHA1:   e5433edb82e21fdca6d9a2dd936cfde838161175
  SHA256: 16e5a288fc645ca54a364d9818207e83c7a827759e8ffb580ada40e94ae60493
  SHA512: 2b5bb9641a5374ff81c5d09333b1e577eb7df2fa6536b3ef83747145878aaa085ac97395cb90498585ba94819162a6463fdaf131a0ca029bc5bd6edd33c15098
  SSDEEP: 24576:n5Pcmn31ExoQ0fhFel4oip9EmTVVE7yLFe0Trh:2a2CQ0fh84jTVVE7y5RXh
  Score:  5/10
Malware Config

Signatures

Drops file in System32 directory (2 IoCs)
  Process for every row: 16e5a288fc645ca54a364d9818207e83c7a827759e8ffb580ada40e94ae60493.exe
  description   ioc
  File created  C:\Windows\SysWOW64\fccpk.sys
  File created  C:\Windows\SysWOW64\syshook.dll

Modifies registry class (23 IoCs)
  Process for every row: 16e5a288fc645ca54a364d9818207e83c7a827759e8ffb580ada40e94ae60493.exe
  description       ioc
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\.fcp
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\.fcp\Shell\Open\Command
  Set value (str)   \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\16e5a288fc645ca54a364d9818207e83c7a827759e8ffb580ada40e94ae60493.exe,0"
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}\shell
  Key created       \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{7FF02D23-3021-410E-88EB-57834625BC3D}\InprocServer32
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\.fcp\DefaultIcon
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\.fcp\Shell\Open
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}\shell\open
  Set value (str)   \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\16e5a288fc645ca54a364d9818207e83c7a827759e8ffb580ada40e94ae60493.exe"
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7FF02D23-3021-410E-88EB-57834625BC3D}
  Set value (str)   \REGISTRY\MACHINE\SOFTWARE\Classes\.fcp\DefaultIcon\ = "c:\\windows\\SysWow64\\folderlock.ico"
  Set value (str)   \REGISTRY\MACHINE\SOFTWARE\Classes\.fcp\Shell\Open\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\16e5a288fc645ca54a364d9818207e83c7a827759e8ffb580ada40e94ae60493.exe"
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66CD5F60-A044-11D0-A9BF-00A024E3867F}\InprocServer32
  Set value (str)   \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66CD5F60-A044-11D0-A9BF-00A024E3867F}\InprocServer32\ = "C:\\Windows\\SysWow64\\syshook.dll"
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7FF02D23-3021-410E-88EB-57834625BC3D}\InprocServer32
  Set value (data)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7FF02D23-3021-410E-88EB-57834625BC3D}\InprocServer32\ThreadingModel = [value not present in source]
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\.fcp\Shell
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}\DefaultIcon
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}\shell\open\command
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66CD5F60-A044-11D0-A9BF-00A024E3867F}

Suspicious behavior: LoadsDriver (1 IoC)
  pid   Process
  460   Process not Found