df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93

Analysis

max time kernel
150s
max time network
29s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14-03-2023 16:46

Target

df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe
Size

380KB
MD5

c59ac7766dbbd46d16827bc5f2aad3f5
SHA1

23d01be8c715bb8db7e693e0b761ca70687e86be
SHA256

df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93
SHA512

f6e6240483e91e37a9b4c42c8f754728839424120421cd5104c343468bdf4319d4a4c8591f43aded5408d2e135a43a530f02f72da4e90abd48762148ff6242ff
SSDEEP

6144:KC7cNj1VHG02w4NXClqY2qMawGs0rLGfW8X9R4tCGwBNarCVx7RiEVYXHm:Dgps4lqZcrs4LypX9R4t+BNTX7BC

Score

1^/10

Modifies registry class 8 IoCs

Processes:

df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MyTreeFile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe %1"	df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MyTreeFile	df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MyTreeFile\ = "ÎÒµÄ²ã´ÎÎÄµµ"	df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ytr	df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ytr\ = "MyTreeFile"	df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MyTreeFile\shell\open\command	df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MyTreeFile\shell	df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MyTreeFile\shell\open	df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe

C:\Users\Admin\AppData\Local\Temp\df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe
"C:\Users\Admin\AppData\Local\Temp\df7c16993cf585ecb6fdb0de65491064be89bd7940190ff4a83d8e81d6cd1e93.exe"
1⤵
- Modifies registry class
PID:1268

memory/1268-58-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1268-59-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download