Analysis
-
max time kernel
128s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
26-12-2022 18:04
Static task
static1
Behavioral task
behavioral1
Sample
329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Resource
win10v2004-20221111-en
General
-
Target
329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
-
Size
833KB
-
MD5
b6682ee9e7e4c4ece8900b93d5349583
-
SHA1
d07de39e469cbdeb8d93fea5f042e5d06e60db0b
-
SHA256
329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a
-
SHA512
34314897c39c6e8c596d64d8fb1d310f0e268f81012e5ea401dc509b5a7f69c0cba1eaa337c69aedf21f1dc296e207b9451f689f86bf9935588b7881960eb129
-
SSDEEP
12288:Ot8nkUzhrP3UxD+NzWa+K+u9uZ5Rw+yMMnIk1vjDWn5DPjdKxObb:iM3rP3Uw9u5Rwxvnl85DPjdz
Malware Config
Signatures
-
Modifies registry class 38 IoCs
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21B71836-1C8F-4AE6-93F5-CAF3442AF3F0}\ = "AboutInfo Object" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21B71836-1C8F-4AE6-93F5-CAF3442AF3F0}\TypeLib 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21B71836-1C8F-4AE6-93F5-CAF3442AF3F0}\TypeLib\ = "{378D0221-3518-47CF-A02B-D6EBD8EACC84}" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3}\ProxyStubClsid32 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3} 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3}\TypeLib\Version = "1.0" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{378D0221-3518-47CF-A02B-D6EBD8EACC84}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3}\TypeLib 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21B71836-1C8F-4AE6-93F5-CAF3442AF3F0}\LocalServer32 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21B71836-1C8F-4AE6-93F5-CAF3442AF3F0}\ProgID 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VoteEditor.AboutInfo\Clsid 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{378D0221-3518-47CF-A02B-D6EBD8EACC84}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3}\ = "IAboutInfo" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3}\TypeLib\Version = "1.0" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21B71836-1C8F-4AE6-93F5-CAF3442AF3F0} 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{378D0221-3518-47CF-A02B-D6EBD8EACC84}\1.0\FLAGS 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{378D0221-3518-47CF-A02B-D6EBD8EACC84}\1.0\0 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21B71836-1C8F-4AE6-93F5-CAF3442AF3F0}\ProgID\ = "VoteEditor.AboutInfo" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21B71836-1C8F-4AE6-93F5-CAF3442AF3F0}\Version\ = "1.0" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3}\TypeLib\ = "{378D0221-3518-47CF-A02B-D6EBD8EACC84}" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VoteEditor.AboutInfo\ = "AboutInfo Object" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{378D0221-3518-47CF-A02B-D6EBD8EACC84} 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{378D0221-3518-47CF-A02B-D6EBD8EACC84}\1.0\ = "VoteEditor Library" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3} 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3}\ = "IAboutInfo" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{378D0221-3518-47CF-A02B-D6EBD8EACC84}\1.0\FLAGS\ = "0" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21B71836-1C8F-4AE6-93F5-CAF3442AF3F0}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VoteEditor.AboutInfo 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21B71836-1C8F-4AE6-93F5-CAF3442AF3F0}\Version 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{378D0221-3518-47CF-A02B-D6EBD8EACC84}\1.0\0\win32 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{378D0221-3518-47CF-A02B-D6EBD8EACC84}\1.0\HELPDIR 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3}\TypeLib\ = "{378D0221-3518-47CF-A02B-D6EBD8EACC84}" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3}\TypeLib 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{378D0221-3518-47CF-A02B-D6EBD8EACC84}\1.0 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6D86360-EF9D-4B6B-8DA8-6D540FA4F1D3}\ProxyStubClsid32 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VoteEditor.AboutInfo\Clsid\ = "{21B71836-1C8F-4AE6-93F5-CAF3442AF3F0}" 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4564 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4564 329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe
"C:\Users\Admin\AppData\Local\Temp\329af6331886fc19cfe66cd3c802856a8032f163599ee2e2d4af009316c6192a.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4564