c33965c96f473b87416ec5d36bc396aff173d4406111f016bc56a4d0c26b7dd6

Analysis

max time kernel
118s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
06-10-2023 07:58

Target

c33965c96f473b87416ec5d36bc396aff173d4406111f016bc56a4d0c26b7dd6.exe
Size

4.0MB
MD5

0d9dc38812a8730d4fabdf906354b189
SHA1

dcc109e630410fb9512cb76605aba1f95a1d7014
SHA256

c33965c96f473b87416ec5d36bc396aff173d4406111f016bc56a4d0c26b7dd6
SHA512

f8aec6143cc7dba0e575bcc2bf790f77053c6cd933fe35f6ed7464072e7da27de845065b73344ce8726874ffca8acfa7651f172a853d2603a537e42cc8ae67ad
SSDEEP

49152:eh7MpqhDbgYpcmzSY7IHEUWPstn5XPJa+JAd0j+CrU9aHeUyDujknPEhhFzhlFt6:M7Mp2Rd9A5X4aPvJNhh/lSYtQ

Score

1^/10

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8052F904-874D-4d28-9380-AA9BDBF13AFD}\InProcServer32\ThreadingModel = "diskcopy.dll"	c33965c96f473b87416ec5d36bc396aff173d4406111f016bc56a4d0c26b7dd6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8052F904-874D-4d28-9380-AA9BDBF13AFD}\InProcServer32\AppID = "{E7CA2753-6413-4BEB-A1FE-B807BF8B1A56}"	c33965c96f473b87416ec5d36bc396aff173d4406111f016bc56a4d0c26b7dd6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8052F904-874D-4d28-9380-AA9BDBF13AFD}\InProcServer32	c33965c96f473b87416ec5d36bc396aff173d4406111f016bc56a4d0c26b7dd6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	c33965c96f473b87416ec5d36bc396aff173d4406111f016bc56a4d0c26b7dd6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	c33965c96f473b87416ec5d36bc396aff173d4406111f016bc56a4d0c26b7dd6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8052F904-874D-4d28-9380-AA9BDBF13AFD}	c33965c96f473b87416ec5d36bc396aff173d4406111f016bc56a4d0c26b7dd6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8052F904-874D-4d28-9380-AA9BDBF13AFD}\InProcServer32\ = "diskcopy.dll"	c33965c96f473b87416ec5d36bc396aff173d4406111f016bc56a4d0c26b7dd6.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2484	c33965c96f473b87416ec5d36bc396aff173d4406111f016bc56a4d0c26b7dd6.exe

memory/2484-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download