5b9407df404506219bd672a33440783c5c214eefa7feb9923c6f9fded8183610

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
10/06/2023, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BitsArbitraryFileMoveExploit.exe
Size

920KB
MD5

da26fb84c103109da7b738d0c1b0612c
SHA1

4373fefdec70547cb513be8e908997033197dc86
SHA256

5b9407df404506219bd672a33440783c5c214eefa7feb9923c6f9fded8183610
SHA512

c05f74eb24f4729d0e355013791bcf8e4f6493346de6c8c9e5f3d0c68fc5ff450ffb13f4bba6ddaf1e97cbc7e34a66a24bd81b69fd53de2b852a623dc259aba4
SSDEEP

12288:xfAOepN634z3YrKsCaYalAzPLG75WFfj7WempBaO5:hAO2N634z3hsCaYalAnG7yf/Wtac

Score

1^/10

Malware Config

Signatures

Modifies registry class 24 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\TypeLib\ = "{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}"	BitsArbitraryFileMoveExploit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\TypeLib\Version = "0.0"	BitsArbitraryFileMoveExploit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\FLAGS	BitsArbitraryFileMoveExploit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\409	BitsArbitraryFileMoveExploit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\ProxyStubClsid32	BitsArbitraryFileMoveExploit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\TypeLib\ = "{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}"	BitsArbitraryFileMoveExploit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\TypeLib\Version = "0.0"	BitsArbitraryFileMoveExploit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}	BitsArbitraryFileMoveExploit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\FLAGS\ = "0"	BitsArbitraryFileMoveExploit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\409\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"	BitsArbitraryFileMoveExploit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\ProxyStubClsid32	BitsArbitraryFileMoveExploit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BitsArbitraryFileMoveExploit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}	BitsArbitraryFileMoveExploit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BitsArbitraryFileMoveExploit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\409\win32	BitsArbitraryFileMoveExploit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	BitsArbitraryFileMoveExploit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}	BitsArbitraryFileMoveExploit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\ = "IBadger"	BitsArbitraryFileMoveExploit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\TypeLib	BitsArbitraryFileMoveExploit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\ = "IBadger"	BitsArbitraryFileMoveExploit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D487789C-32A3-4E22-B46A-C4C4C1C2D3E0}\TypeLib	BitsArbitraryFileMoveExploit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0	BitsArbitraryFileMoveExploit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\	BitsArbitraryFileMoveExploit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C6C9F33-AE88-4EC2-BE2D-449A0FFF8C02}\0.0\HELPDIR	BitsArbitraryFileMoveExploit.exe

C:\Users\Admin\AppData\Local\Temp\BitsArbitraryFileMoveExploit.exe
"C:\Users\Admin\AppData\Local\Temp\BitsArbitraryFileMoveExploit.exe"
1⤵
- Modifies registry class
PID:2028

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads