e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/12/2022, 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe
Size

372KB
MD5

d29075d028ec09287ed453d08569d58c
SHA1

5ade19b0e8f59b9c9ff3530d0900c1a9f1bca894
SHA256

e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b
SHA512

2a91c2013e190a9e55b18eeaf74be553cc13d7c23bba8189bfbf549ca52d6dcc152a77a8703517a68d72585fc11f0addef903caafcf1bbe328d7cfda5dc9a5cf
SSDEEP

3072:Pz5a9s9tbqZuhRQs7wge/Q28H0t7AWno7rJu9Uaz/FxkU4M8kLkIMVUozXBboR1F:PzjjGaQs7fe/fAWYYUaXMs/VTFMLB

Score

1^/10

Malware Config

Signatures

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YYSmartNSP\shell\open\command	e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YYSmartNSP\shell\open	e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YYSmartNSP\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe\" \"%1\""	e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YYSmartNSP\DefaultIcon	e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YYSmartNSP	e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YYSmartNSP\shell	e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YYSmartNSP\ = "YYSmartNSP Protocol"	e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YYSmartNSP\URL Protocol = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe"	e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YYSmartNSP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe"	e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1212	e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe
1212	e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe

C:\Users\Admin\AppData\Local\Temp\e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe
"C:\Users\Admin\AppData\Local\Temp\e9416847c9aab20dc703fed615d33542765f45fa6ead7f3cfacd6c63f7d8c50b.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1212-54-0x0000000076711000-0x0000000076713000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads