3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43

Analysis

max time kernel
150s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-12-2022 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
Size

1.7MB
MD5

046b4fd749fc319e3cb2fd82ed51c3d3
SHA1

f158a9713af368eb9fe62b147cf41b7ec0e7cc5a
SHA256

3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43
SHA512

677adb1fca386fcd3407d155946051827c1122cc1cec2d5674915bf5f88fbb12a206b476d1461fe8b1113780d1526a4c9af127613918de71ae863d1c9fe390ac
SSDEEP

24576:PaF1H6CedUX5UQFcaoWBM1OnxloV2XnJ0844Jkj:inH6CedUZcDW8O7I2XnK4J0

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1224	3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe

C:\Users\Admin\AppData\Local\Temp\3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
"C:\Users\Admin\AppData\Local\Temp\3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1224

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1224-54-0x000007FEFC181000-0x000007FEFC183000-memory.dmp

Filesize
8KB

Download