07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13-04-2023 01:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Size

953KB
MD5

c4310c8f9c69a616e287c661e87bf4af
SHA1

3c3618a0fb7edd78ada256ed53625b43f0306011
SHA256

07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968
SHA512

90016fe319835f26d2db2845df223da8244fdb8e5224d905c9058ad740d2bd99accf5509d3deac900d1620ca77f8bf7df295abbb950c2036d7696cb240ac0c91
SSDEEP

12288:0WxFZUWHFaLZhB4GyjUeEWSgBWs/XoXPNxE8tamKsbxNWEGBiD3Ek8xyB5UTj9U7:ZUyyJwUrWLvGLtambNpD3Ek8xyBI

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83FEFADE-FBB1-4315-B49D-319BF07FDB61}\ = "ICorp"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C05B2944-0F08-4A41-90EA-E3F01192E3A9}\ProxyStubClsid32	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD9AB186-E886-42BE-B02B-4E6034F2ABC8}\TypeLib\Version = "1.0"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD9AB186-E886-42BE-B02B-4E6034F2ABC8}	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FasoftAFAServer.Rdms\Clsid\ = "{6ACE1C8C-6F5C-44D1-B958-479C0E032E0F}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{723DDC03-1C9A-4AF9-B39C-2C1D38E524FF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C05B2944-0F08-4A41-90EA-E3F01192E3A9}\ = "IAnalyseData"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AED49CF-846C-4065-8A60-2E57C00FE438}\ = "IUserManage"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64B4E2E1-047C-40FE-A1A7-2BB8B706F000}\TypeLib	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FasoftAFAServer.App\Clsid	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CC8D6DAD-123B-4EA9-B409-FC1CBA1B3F1A}	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64B4E2E1-047C-40FE-A1A7-2BB8B706F000}	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0AED49CF-846C-4065-8A60-2E57C00FE438}\TypeLib\ = "{E8E87E17-3F5B-4237-A7ED-4E80B48E18E1}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AED49CF-846C-4065-8A60-2E57C00FE438}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{723DDC03-1C9A-4AF9-B39C-2C1D38E524FF}\ProxyStubClsid32	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD9AB186-E886-42BE-B02B-4E6034F2ABC8}\ = "IApp"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD9AB186-E886-42BE-B02B-4E6034F2ABC8}\ = "IApp"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CC8D6DAD-123B-4EA9-B409-FC1CBA1B3F1A}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FasoftAFAServer.Rdms\Clsid	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C1CE5E0-9D63-456B-91C2-16EBBE30FCAF}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C1CE5E0-9D63-456B-91C2-16EBBE30FCAF}\ProgID\ = "FasoftAFAServer.Corp"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E8E87E17-3F5B-4237-A7ED-4E80B48E18E1}\1.0	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E8E87E17-3F5B-4237-A7ED-4E80B48E18E1}\1.0\FLAGS\ = "0"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{64B4E2E1-047C-40FE-A1A7-2BB8B706F000}	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{64B4E2E1-047C-40FE-A1A7-2BB8B706F000}\TypeLib\Version = "1.0"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0AED49CF-846C-4065-8A60-2E57C00FE438}\TypeLib\Version = "1.0"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD9AB186-E886-42BE-B02B-4E6034F2ABC8}\TypeLib	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CC8D6DAD-123B-4EA9-B409-FC1CBA1B3F1A}\ProgID	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FasoftAFAServer.Corp\Clsid\ = "{3C1CE5E0-9D63-456B-91C2-16EBBE30FCAF}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C1CE5E0-9D63-456B-91C2-16EBBE30FCAF}\TypeLib\ = "{E8E87E17-3F5B-4237-A7ED-4E80B48E18E1}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{723DDC03-1C9A-4AF9-B39C-2C1D38E524FF}\TypeLib	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{723DDC03-1C9A-4AF9-B39C-2C1D38E524FF}\TypeLib\ = "{E8E87E17-3F5B-4237-A7ED-4E80B48E18E1}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83FEFADE-FBB1-4315-B49D-319BF07FDB61}\TypeLib\ = "{E8E87E17-3F5B-4237-A7ED-4E80B48E18E1}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{64B4E2E1-047C-40FE-A1A7-2BB8B706F000}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64B4E2E1-047C-40FE-A1A7-2BB8B706F000}\TypeLib\ = "{E8E87E17-3F5B-4237-A7ED-4E80B48E18E1}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FasoftAFAServer.AnalyseData\Clsid\ = "{AE03A26B-C784-447E-8DCD-48A3AB34713B}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CC8D6DAD-123B-4EA9-B409-FC1CBA1B3F1A}\ProgID\ = "FasoftAFAServer.AnalyseParams"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CC8D6DAD-123B-4EA9-B409-FC1CBA1B3F1A}\Version	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CC8D6DAD-123B-4EA9-B409-FC1CBA1B3F1A}\Version\ = "1.0"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6ACE1C8C-6F5C-44D1-B958-479C0E032E0F}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83FEFADE-FBB1-4315-B49D-319BF07FDB61}\TypeLib	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C05B2944-0F08-4A41-90EA-E3F01192E3A9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD9AB186-E886-42BE-B02B-4E6034F2ABC8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AE03A26B-C784-447E-8DCD-48A3AB34713B}	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FasoftAFAServer.Corp\ = "Corp Object"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C05B2944-0F08-4A41-90EA-E3F01192E3A9}\ = "IAnalyseData"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AED49CF-846C-4065-8A60-2E57C00FE438}\TypeLib	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FasoftAFAServer.UserManage\Clsid	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FasoftAFAServer.AnalyseData	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FasoftAFAServer.AnalyseData\Clsid	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6ACE1C8C-6F5C-44D1-B958-479C0E032E0F}\ = "Rdms Object"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{723DDC03-1C9A-4AF9-B39C-2C1D38E524FF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{723DDC03-1C9A-4AF9-B39C-2C1D38E524FF}\TypeLib\ = "{E8E87E17-3F5B-4237-A7ED-4E80B48E18E1}"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83FEFADE-FBB1-4315-B49D-319BF07FDB61}\TypeLib\Version = "1.0"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0ED46BB8-0443-4C12-84DD-DB141688FF31}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CC8D6DAD-123B-4EA9-B409-FC1CBA1B3F1A}\TypeLib	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{64B4E2E1-047C-40FE-A1A7-2BB8B706F000}\TypeLib	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FasoftAFAServer.App\ = "App Object"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0FA018B0-4DE7-4EAE-84DB-5FC981AAA6A4}\Version	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0ED46BB8-0443-4C12-84DD-DB141688FF31}\ = "UserManage Object"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6ACE1C8C-6F5C-44D1-B958-479C0E032E0F}\Version	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AE03A26B-C784-447E-8DCD-48A3AB34713B}\TypeLib	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C1CE5E0-9D63-456B-91C2-16EBBE30FCAF}\Version\ = "1.0"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83FEFADE-FBB1-4315-B49D-319BF07FDB61}\TypeLib\Version = "1.0"	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1972	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
1972	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1972	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
1972	07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe

C:\Users\Admin\AppData\Local\Temp\07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe
"C:\Users\Admin\AppData\Local\Temp\07bb87280f2ca309b68a3f555a7fa11e296a5e38c903ec6d24efc0dea2881968.exe"
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1972-134-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/1972-135-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads