bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b

Analysis

max time kernel
156s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe
Size

370KB
MD5

a8adb7b22afe94dbcf7ce365a4a78b01
SHA1

becc015570dd84c2fc31e4daa800f43cf3bf86cf
SHA256

bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b
SHA512

7163530496def0aaea13653c23bc6d3f12db1fa269d6b5524039dca70f929c9829f3b32b33a9648e0130aff3324ab1b68d13a57120fda88276ff9e66d1ebed94
SSDEEP

6144:Zbqqe2QJ9M/vVz9nPDEWGslbLvtmeQwAUTNS2YERMX7t0AdCNGe/fMeRVV:ZuqeFMHVNEWGslNjAz2bRMLt0AdCNDM2

Score

1^/10

Malware Config

Signatures

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1020	bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe
1020	bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1020	bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 1020	3576	bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe	80
PID 3576 wrote to memory of 1020	3576	bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe	80
PID 3576 wrote to memory of 1020	3576	bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe	80

C:\Users\Admin\AppData\Local\Temp\bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe
"C:\Users\Admin\AppData\Local\Temp\bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Users\Admin\AppData\Local\Temp\bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe
  "C:\Users\Admin\AppData\Local\Temp\bff0e0cb5832f9033d510fb812f36dc7d395e7422038e3b137e9683684f73f9b.exe"
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~temp01890197517.tmp

Filesize
12B

MD5
9c4da2f57b5a66de42324736c161b870

SHA1
bc28cd264ae63b9b531fe34a0ee5c0b2b668fe14

SHA256
b4497ae7fa63aa4ddaa726cc20e0ad262672a25955ff109be4040a0d071bc253

SHA512
10b191be821981e761c438c2511a416e96687438f426944ed637fe73ab37a6b6833246273bbc73cf0ad67efec46cccdcaa7d7ba9ec12bedc42e8e8b16c695c5e

Download Submit
memory/1020-138-0x0000000000790000-0x00000000007A0000-memory.dmp

Filesize
64KB

Download
memory/1020-140-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/1020-137-0x0000000000780000-0x0000000000790000-memory.dmp

Filesize
64KB

Download
memory/1020-136-0x0000000000770000-0x0000000000780000-memory.dmp

Filesize
64KB

Download
memory/1020-146-0x0000000000400000-0x00000000006CF000-memory.dmp

Filesize
2.8MB

Download
memory/1020-139-0x0000000002250000-0x0000000002260000-memory.dmp

Filesize
64KB

Download
memory/1020-145-0x0000000000400000-0x00000000005C7000-memory.dmp

Filesize
1.8MB

Download
memory/1020-141-0x0000000002270000-0x0000000002280000-memory.dmp

Filesize
64KB

Download
memory/1020-142-0x0000000002280000-0x0000000002290000-memory.dmp

Filesize
64KB

Download
memory/1020-143-0x0000000002290000-0x00000000022A0000-memory.dmp

Filesize
64KB

Download
memory/1020-144-0x00000000022B0000-0x00000000022C0000-memory.dmp

Filesize
64KB

Download
memory/3576-135-0x0000000000400000-0x00000000005C7000-memory.dmp

Filesize
1.8MB

Download
memory/3576-132-0x0000000000400000-0x00000000005C7000-memory.dmp

Filesize
1.8MB

Download