6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503

Analysis

max time kernel
91s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2023 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Size

699KB
MD5

dfae3f37ab7d503ad478c2d3a2f0c0ee
SHA1

477c0e070cb3136265ee89d68593b2b6c10b4d16
SHA256

6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503
SHA512

15fd91167dbed31d16ee52589e86a872a08e15a7d405fe38dee5b992e5cf020612239f5cc97232b111b3eff3b25db4a5ac71d21b0b4ebbe088f9c1a4a6afdedc
SSDEEP

12288:Rol5dxRCoUoRYIOpLhvJsG1JAe5cCFHBg7Nz3RLK/lGRgOUqmq9kR6lhKXxB3a9X:RGTxRaX6G13fFqZRLK/cRgOnmq9g6wBI

Score

1^/10

Malware Config

Signatures

Modifies registry class 33 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\TypeLib\ = "{017313F1-93B7-66F8-FA29-3CFF895E4F3A}"	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\Version	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\ = "Enarab.Xawohasi.Zibiwjefo Class"	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\InprocServer32\ = "%SystemRoot%\\SysWow64\\Speech_OneCore\\Common\\sapi_onecore.dll"	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\0\	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\Flags\ = "0"	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\ProgID	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\ = "Microsoft Word 16.0 Object Library"	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\0	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\0\Win64\ = "C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB"	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\Version\ = "5.4"	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\TypeLib\	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\VersionIndependentProgID	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\InprocServer32\	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\ProgID\ = "SAPI.SpShortcut.1"	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\Flags	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\HelpDir\ = "C:\\Program Files\\Microsoft Office\\Root\\Office16\\"	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\TypeLib	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\VersionIndependentProgID\	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\InprocServer32	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\VersionIndependentProgID\ = "SAPI.SpShortcut"	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\ProgID\	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\Flags\	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0CB877-DDB5-4D8D-56BE-C56B39BC657A}\Version\	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\0\Win64	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\HelpDir	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\0\Win64\	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{017313F1-93B7-66F8-FA29-3CFF895E4F3A}\8.7\HelpDir\	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3432	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
3432	6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe

C:\Users\Admin\AppData\Local\Temp\6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe
"C:\Users\Admin\AppData\Local\Temp\6214bce00a78e770b60013ed4eca36c43fda3b52a360138b352f0f574d16a503.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3432-132-0x0000000000400000-0x0000000000595000-memory.dmp

Filesize
1.6MB

Download
memory/3432-133-0x0000000002370000-0x00000000023D0000-memory.dmp

Filesize
384KB

Download
memory/3432-137-0x0000000000400000-0x0000000000595000-memory.dmp

Filesize
1.6MB

Download
memory/3432-138-0x0000000002370000-0x00000000023D0000-memory.dmp

Filesize
384KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads