6f54bdf7129fdd028af6960320fc3acb9095baed1c00acfb79466fe83714051c

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
05/08/2023, 14:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

1.9MB
MD5

7fda9736180c8faa4bc5732c2fec31c8
SHA1

7cbd15f0cf6f650565b9034da30051816d1a8d0e
SHA256

6f54bdf7129fdd028af6960320fc3acb9095baed1c00acfb79466fe83714051c
SHA512

43dafb1ab9f36f925feadecceda734db5e4bf0760ec51b791f43759a2fdde41494abb7d3067bdcfa1f2ebb53433b337c0e0ec778be4b4d8c625e1174a92bbe21
SSDEEP

49152:VUwzIfc5SbXu2DUAeZfNKC/8aLNeuoEMeXiU7gEyAvkWt:Vjzp5SDbDUAedN5/b5euoEMeXiU7gEbv

Score

1^/10

Malware Config

Signatures

Modifies registry class 50 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4745BDFD-C70D-403A-A4D7-E3EF95D47CDA}\InprocHandler32	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}\1.0\FLAGS	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}\1.0\FLAGS\ = "0"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}\ProxyStubClsid32	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}\ = "ISetIPDlg"	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VC_Setup.Application	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VC_Setup.Application\CLSID\ = "{4745BDFD-C70D-403A-A4D7-E3EF95D47CDA}"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4745BDFD-C70D-403A-A4D7-E3EF95D47CDA}\InprocHandler32\ = "ole32.dll"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp.exe"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}\ = "IVC_Setup"	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}\ProxyStubClsid32	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}\TypeLib	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VC_Setup.Application\CLSID	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4745BDFD-C70D-403A-A4D7-E3EF95D47CDA}\LocalServer32	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}\1.0	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}\TypeLib\ = "{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}\ = "IVC_Setup"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}\TypeLib\ = "{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}\TypeLib\Version = "1.0"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}\TypeLib\Version = "1.0"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}\ = "ISetIPDlg"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VC_Setup.Application\ = "VC_Setup.Application"	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}\TypeLib	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}\TypeLib\Version = "1.0"	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}\TypeLib	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}\TypeLib	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4745BDFD-C70D-403A-A4D7-E3EF95D47CDA}\ProgID	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4745BDFD-C70D-403A-A4D7-E3EF95D47CDA}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp.exe\""	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}\1.0\0\win32	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}\TypeLib\Version = "1.0"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}\TypeLib\ = "{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4745BDFD-C70D-403A-A4D7-E3EF95D47CDA}\ = "VC_Setup.Application"	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}\1.0\ = "VC_Setup"	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}\1.0\HELPDIR	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}\TypeLib\ = "{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}"	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}\1.0\HELPDIR\	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}\ProxyStubClsid32	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E830CBC-2F7B-4E52-A209-1EE9E2B53864}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4745BDFD-C70D-403A-A4D7-E3EF95D47CDA}	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4745BDFD-C70D-403A-A4D7-E3EF95D47CDA}\ProgID\ = "VC_Setup.Application"	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4C9ACAA2-0C8A-4F67-BCDB-8D0B651312B9}\1.0\0	tmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}\ProxyStubClsid32	tmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A26D4EBA-81D9-4649-8B84-46669BE26384}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	tmp.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
688	tmp.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
688	tmp.exe
688	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:688

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads