a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b

Analysis

max time kernel
91s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2023 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Size

1.2MB
MD5

59b74fb9c2f0345c3ec09768b444748f
SHA1

04bd0c4f1e665f597f67c82f127d41761ad7d4a0
SHA256

a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b
SHA512

6eb446adb2adfe803408e5aac1cda50bd5dbfbd9b0e736ea8bf2c8981ab1e1e3394ab8b3834df786f2faf875adc13c2e476cad8a1dbfde8ed41c74e00dcfec3b
SSDEEP

24576:dfmo0OzACccxBwXU58owNB0OGtOIbsz1RL162pHsju2gsOTpW8+zHBM:dfmo0g7ccxeEs0OEOIbsJFxs6saw8+m

Score

1^/10

Malware Config

Signatures

Modifies registry class 39 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\0\win32	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\TypeLib\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\TypeLib\ = "{1CF448F1-0ADA-E07B-DFF6-14F46063A228}"	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\ProgID\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\0\win64\ = "%SystemRoot%\\SysWow64\\Speech\\Common\\sapi.dll"	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\FLAGS\ = "0"	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\Version	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\ProgID	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\LocalServer32	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\0\win64	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\ = "Microsoft Speech Object Library"	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\0\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\0\win32\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\0\win32\ = "%SystemRoot%\\SysWow64\\Speech\\Common\\sapi.dll"	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\VersionIndependentProgID\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\LocalServer32\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\0\win64\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\FLAGS	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\FLAGS\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\Version\ = "1.0"	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\InprocServer32\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\ProgID\ = "PLA.LegacyTraceSession.1"	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\Version\	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\VersionIndependentProgID\ = "PLA.LegacyTraceSession"	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\LocalServer32\ = "%SystemRoot%\\SysWow64\\plasrv.exe"	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1CF448F1-0ADA-E07B-DFF6-14F46063A228}\5.4\0	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\VersionIndependentProgID	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\ = "Cowadato.Ataza.Ferike"	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\InprocServer32\ = "%SystemRoot%\\SysWow64\\pla.dll"	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\TypeLib	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A47DCF5A-0E8A-4B8A-4DAD-1B0DE1C554DA}\InprocServer32	a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe

C:\Users\Admin\AppData\Local\Temp\a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe
"C:\Users\Admin\AppData\Local\Temp\a48fe59a4651a4587ad04129ee17505673e613a3dad5262bbd3039f994b6c75b.exe"
1⤵
- Modifies registry class
PID:4728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4728-132-0x0000000000400000-0x0000000000799000-memory.dmp

Filesize
3.6MB

Download
memory/4728-133-0x0000000000400000-0x0000000000799000-memory.dmp

Filesize
3.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads