ebbd4d196b95803a07c54675e9281721c3adb7b397f5808af4d1cb47915a71c0

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
26-08-2023 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ForceDelete Pro v1.1.0 Portable/App/ProgramFiles/ForceDelete.exe
Size

437KB
MD5

8f44a4681f8055a095d074decb2fe42a
SHA1

f1c6d82337fb9b9d4c2633dd81a8e4f4bc7d9b0a
SHA256

a0ab81d12cd2a3b6779f0bd5533a7699200d99259ec88a6645b1032ae7076399
SHA512

07b5bcf265672726483e45200b9ef7a6ee60d2df2135a4aa4df6f11fa2a4db0f830a10134f2e69778965bfcaa59a1307cb077f2b74b263deb3751b8ad70aae39
SSDEEP

6144:xQv0Gz+veGTvCG+vT8xIihyF91AYyA+AqkNN1DyXCzCcgLc3t2udEMVAQFRwn:66HU/yXCzkodEkDwn

Score

1^/10

Malware Config

Signatures

Modifies registry class 16 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Unlock by ForceDelete\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete Pro v1.1.0 Portable\\App\\ProgramFiles\\ForceDelete.exe unlock \"%1\""	ForceDelete.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\Force Delete\Icon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete Pro v1.1.0 Portable\\App\\ProgramFiles\\ForceDelete.exe"	ForceDelete.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\Force Delete\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete Pro v1.1.0 Portable\\App\\ProgramFiles\\ForceDelete.exe \"%1\""	ForceDelete.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Force Delete	ForceDelete.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Unlock by ForceDelete\Command	ForceDelete.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\Force Delete	ForceDelete.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\Force Delete\Command	ForceDelete.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\Unlock by ForceDelete\Command	ForceDelete.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Unlock by ForceDelete	ForceDelete.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Force Delete\Icon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete Pro v1.1.0 Portable\\App\\ProgramFiles\\ForceDelete.exe"	ForceDelete.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Force Delete\Command	ForceDelete.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Force Delete\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete Pro v1.1.0 Portable\\App\\ProgramFiles\\ForceDelete.exe \"%1\""	ForceDelete.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\Unlock by ForceDelete	ForceDelete.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\Unlock by ForceDelete\Icon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete Pro v1.1.0 Portable\\App\\ProgramFiles\\ForceDelete.exe"	ForceDelete.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\Unlock by ForceDelete\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete Pro v1.1.0 Portable\\App\\ProgramFiles\\ForceDelete.exe unlock \"%1\""	ForceDelete.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Unlock by ForceDelete\Icon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete Pro v1.1.0 Portable\\App\\ProgramFiles\\ForceDelete.exe"	ForceDelete.exe

C:\Users\Admin\AppData\Local\Temp\ForceDelete Pro v1.1.0 Portable\App\ProgramFiles\ForceDelete.exe
"C:\Users\Admin\AppData\Local\Temp\ForceDelete Pro v1.1.0 Portable\App\ProgramFiles\ForceDelete.exe"
1⤵
- Modifies registry class
PID:3592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3592-0-0x0000000074D70000-0x0000000075520000-memory.dmp

Filesize
7.7MB

Download
memory/3592-1-0x0000000000D50000-0x0000000000DC0000-memory.dmp

Filesize
448KB

Download
memory/3592-2-0x0000000005C50000-0x00000000061F4000-memory.dmp

Filesize
5.6MB

Download
memory/3592-3-0x00000000057A0000-0x0000000005832000-memory.dmp

Filesize
584KB

Download
memory/3592-4-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/3592-5-0x0000000005960000-0x000000000596A000-memory.dmp

Filesize
40KB

Download
memory/3592-7-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/3592-10-0x0000000074D70000-0x0000000075520000-memory.dmp

Filesize
7.7MB

Download
memory/3592-11-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/3592-12-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads