1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

Analysis

max time kernel
1599s
max time network
1604s
platform
windows7_x64
resource
win7-20230220-es
resource tags

arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
submitted
25/05/2023, 19:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

BonziBuddysinvirus.exe
Size

796KB
MD5

8a30bd00d45a659e6e393915e5aef701
SHA1

b00c31de44328dd71a70f0c8e123b56934edc755
SHA256

1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a
SHA512

daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb
SSDEEP

24576:u1bv4xVGCPscduI4G7wO7GAlKawj90/J0H90fNYJmbZOrzw9HSiXVhgJO6akuqTH:uvakuugaEN

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A5-9C30-11D3-8F99-00104BA312D6}\Programmable	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6}\ = "clsBBPlayer"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB5-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB7-A1BC-11D3-8F99-00104BA312D6}\TypeLib\Version = "2.0"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A5-9C30-11D3-8F99-00104BA312D6}\ = "BonziBUDDY.clsStoryReader"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A5-9C30-11D3-8F99-00104BA312D6}\Implemented Categories	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB6-A1BC-11D3-8F99-00104BA312D6}	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB6-A1BC-11D3-8F99-00104BA312D6}\ = "clsStoryReader"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A2-9C30-11D3-8F99-00104BA312D6}\ProgID	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB5-A1BC-11D3-8F99-00104BA312D6}\TypeLib	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A5-9C30-11D3-8F99-00104BA312D6}\LocalServer32	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB7-A1BC-11D3-8F99-00104BA312D6}	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB7-A1BC-11D3-8F99-00104BA312D6}\TypeLib\Version = "2.0"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A5-9C30-11D3-8F99-00104BA312D6}\VERSION\ = "2.0"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A2-9C30-11D3-8F99-00104BA312D6}\VERSION	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB6-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A5-9C30-11D3-8F99-00104BA312D6}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A2-9C30-11D3-8F99-00104BA312D6}\ = "BonziBUDDY.clsBBPlayer"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{8F58C996-9C30-11D3-8F99-00104BA312D6}	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6}\ = "_clsBBPlayer"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A2-9C30-11D3-8F99-00104BA312D6}\ProgID\ = "BonziBUDDY.clsBBPlayer"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{8F58C996-9C30-11D3-8F99-00104BA312D6}\2.0\FLAGS\ = "0"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB5-A1BC-11D3-8F99-00104BA312D6}\TypeLib	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A5-9C30-11D3-8F99-00104BA312D6}\TypeLib\ = "{8F58C996-9C30-11D3-8F99-00104BA312D6}"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.clsBBPlayer	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{8F58C996-9C30-11D3-8F99-00104BA312D6}\2.0\0\win32	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{8F58C996-9C30-11D3-8F99-00104BA312D6}\2.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A5-9C30-11D3-8F99-00104BA312D6}\ProgID	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB6-A1BC-11D3-8F99-00104BA312D6}\TypeLib\ = "{8F58C996-9C30-11D3-8F99-00104BA312D6}"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB6-A1BC-11D3-8F99-00104BA312D6}\TypeLib\Version = "2.0"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{8F58C996-9C30-11D3-8F99-00104BA312D6}\2.0	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6}	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A2-9C30-11D3-8F99-00104BA312D6}\TypeLib	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB6-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid32	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB5-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid32	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB7-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A2-9C30-11D3-8F99-00104BA312D6}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{8F58C996-9C30-11D3-8F99-00104BA312D6}\2.0\FLAGS	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6}\TypeLib	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB6-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid32	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB7-A1BC-11D3-8F99-00104BA312D6}\TypeLib	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6}	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB5-A1BC-11D3-8F99-00104BA312D6}\ = "__clsBBPlayer"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB7-A1BC-11D3-8F99-00104BA312D6}\ = "__clsStoryReader"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6}\TypeLib\ = "{8F58C996-9C30-11D3-8F99-00104BA312D6}"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A2-9C30-11D3-8F99-00104BA312D6}\TypeLib\ = "{8F58C996-9C30-11D3-8F99-00104BA312D6}"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.clsBBPlayer\ = "BonziBUDDY.clsBBPlayer"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid32	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB5-A1BC-11D3-8F99-00104BA312D6}\TypeLib\ = "{8F58C996-9C30-11D3-8F99-00104BA312D6}"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB5-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid32	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A5-9C30-11D3-8F99-00104BA312D6}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\BonziBuddysinvirus.exe"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{8F58C996-9C30-11D3-8F99-00104BA312D6}\2.0\ = "BonziBUDDY"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{8F58C996-9C30-11D3-8F99-00104BA312D6}\2.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\BonziBuddysinvirus.exe"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB7-A1BC-11D3-8F99-00104BA312D6}	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6}\TypeLib	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.clsStoryReader\ = "BonziBUDDY.clsStoryReader"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.clsStoryReader\Clsid\ = "{8F58C9A5-9C30-11D3-8F99-00104BA312D6}"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid32	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB6-A1BC-11D3-8F99-00104BA312D6}\TypeLib\ = "{8F58C996-9C30-11D3-8F99-00104BA312D6}"	BonziBuddysinvirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB5-A1BC-11D3-8F99-00104BA312D6}\TypeLib\ = "{8F58C996-9C30-11D3-8F99-00104BA312D6}"	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB35CBB6-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid	BonziBuddysinvirus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F58C9A2-9C30-11D3-8F99-00104BA312D6}	BonziBuddysinvirus.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1760	BonziBuddysinvirus.exe

C:\Users\Admin\AppData\Local\Temp\BonziBuddysinvirus.exe
"C:\Users\Admin\AppData\Local\Temp\BonziBuddysinvirus.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1760

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads