b38a871d2d73d7de8c96c7d6bb3b50b779922ba49707898b6360bc59b0f6abcc

Analysis

max time kernel
105s
max time network
62s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Size

5.0MB
MD5

192386661cfced2138bac5206a37c4ca
SHA1

5ededa272466618591fc82240b1096e36d2fb8b0
SHA256

b38a871d2d73d7de8c96c7d6bb3b50b779922ba49707898b6360bc59b0f6abcc
SHA512

e033d2fc6c7d07194db3476cfc49594c4f566332a39fc53c53480f7b91e4a48950096c5af0bdadd0bafc35bebccf8a3dcad6000d51002501fd7609939513fc09
SSDEEP

98304:czzwfPuc30fU7nPpzGmS2CmMIO4fuvC+V8x/GWU9Qhpl:czzS0fU7nPpzGmS2CmMIO4fu3S/GWU9I

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{61C2BFE0-A59F-49EA-8740-C4C85FD29A23}\TypeLib	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8F0C1292-2D1B-4F95-8C34-2108951FD327}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5541D318-A7DD-47E7-A25F-D2FA16A31F68}\ProxyStubClsid32	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C12F3B9-7530-4F9A-A04B-7D52822229D7}\ = "provider"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5922099A-7F8F-491A-90B4-26EDD8B9FB4B}\ProxyStubClsid	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C971CA64-A9B8-4650-A2A9-E5DDF0B291D6}\ProxyStubClsid32	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01B92F36-3731-4D04-B6F9-4B0B0B410A71}\TypeLib	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{64EB5784-850B-4902-BE5A-983DE33E9094}	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D38CAC33-BE7D-4AB4-8503-84C8187EA5B6}\ProxyStubClsid32	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C3A9279D-90F8-4777-9193-AA0704620D1E}\Forward	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FAFB5E61-B30F-4F27-A0F0-F5F0A858C564}\ProxyStubClsid	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5A3D9AFF-85A4-4598-9CBD-9FE2DB34DC8D}\ProxyStubClsid	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{063BF4CF-0B7F-48B2-9D1C-384F154CAE77}\ = "_certserv"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F1C3CC35-0E3A-42E3-ABF0-767D4F64F118}\TypeLib\Version = "4e.64"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{07BE8E5F-2F14-4D8E-8CAC-34B324C7A73A}\Forward\ = "{3487B0CD-C4FB-4EB6-8B22-76BBCCB7E136}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5E3EE72B-3CD2-4554-8E9C-11C64C877C8A}\ = "provider"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BD5BB631-2532-4706-8A3C-DB38CD4707D2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{049DFB59-97DA-4EC5-93D9-3929C86D03E0}\ProxyStubClsid	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{750D6A09-A605-4EC0-96ED-FE95340C09AD}\ProxyStubClsid	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{82E61497-0AF6-4C98-B9F9-2C15DD0FDA27}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F07E7078-6052-4108-8F8A-7AB7ED29D5B6}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F0F5067-2CA7-4CFA-88C3-0D93BB5E4D04}	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{684F8A50-FBDD-4EE6-8D32-49F73F709466}\ = "provider"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EFBC9108-D315-4BF1-885A-287189ABB771}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{38462118-FB9C-4026-90BD-F62036BCDBC2}\ = "Readermonitor"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9B61ED5F-5C62-414A-8F00-2C0F37FE6094}\ = "provider"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C5F61A03-4C92-43B8-A2EB-497DE42C1602}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9A416B9F-EEAC-43CB-9792-4A6EEF9C4FF8}\Forward\ = "{61C2BFE0-A59F-49EA-8740-C4C85FD29A23}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A77C324F-8BC5-4201-A900-232866501345}\ProxyStubClsid	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FC889CEE-27E1-4BBC-8AE4-8402AD4D88F1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3F60B3F8-A1D3-4B0D-9C47-4B58AC65DFAE}\ProxyStubClsid	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{684F8A50-FBDD-4EE6-8D32-49F73F709466}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{36E413E2-CFB2-42BC-B34B-AD1A560CBE5A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F7587D69-2A1E-4F51-AEA8-B43716637EDB}\Forward\ = "{063BF4CF-0B7F-48B2-9D1C-384F154CAE77}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{524AE7EF-40CD-43DC-81F4-FD5AE1EA7CAC}\Programmable	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4EFF8AA2-D7FC-4916-9D54-166B43A5B688}\ = "iCache"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC7DF714-7446-4CEB-9483-260AA6F1D14C}	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01B92F36-3731-4D04-B6F9-4B0B0B410A71}\TypeLib\Version = "4e.64"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C252F280-3A50-4950-AE6B-35AFF2D780E9}\ProxyStubClsid32	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E67D210B-9494-4FB2-9C2E-33F342F5FE9A}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{049DFB59-97DA-4EC5-93D9-3929C86D03E0}	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{07BE8E5F-2F14-4D8E-8CAC-34B324C7A73A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E80B6FE-521F-40FA-B332-15FCD5B0ADCC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{ADA8814B-4BC3-4E25-B8C0-0035BA7DCF0D}\4e.64\0\win32	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{30E10FAD-C9B2-4FE7-B279-402D1066C17F}\TypeLib	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{524AE7EF-40CD-43DC-81F4-FD5AE1EA7CAC}\TypeLib	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24261759-27F5-45C4-831A-C096D641F969}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{64EB5784-850B-4902-BE5A-983DE33E9094}\Forward\ = "{3487B0CD-C4FB-4EB6-8B22-76BBCCB7E136}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BF863808-BAF3-47EE-9EE5-7063C17AA310}\ProxyStubClsid	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{51371A3C-9E61-4F9C-8309-D0199909045E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F0F5067-2CA7-4CFA-88C3-0D93BB5E4D04}\ProxyStubClsid32	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F418AF12-19AE-4AA0-9CAA-C700E57E709C}\ProxyStubClsid32	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{38462118-FB9C-4026-90BD-F62036BCDBC2}\Forward\ = "{01B92F36-3731-4D04-B6F9-4B0B0B410A71}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D87A0FFF-AB46-4192-ABBB-1CCF393251C7}\Forward\ = "{61C2BFE0-A59F-49EA-8740-C4C85FD29A23}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5740A701-3CB7-4C2B-B2AD-FB008BAEA2A5}\Forward	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3487B0CD-C4FB-4EB6-8B22-76BBCCB7E136}\TypeLib	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BE9FE6F3-2824-4F71-9B16-0DE37EC9F97E}\ProxyStubClsid32	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B377F3CF-890A-4D79-BC7D-005A6640E10D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00B70F2F-13A4-4481-B2D6-220B98F4B4DF}\ProxyStubClsid	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D78DDCA3-F82B-4B1A-B0BA-A96ADFEF70A4}\ = "Readermonitor"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBD95880-3499-402A-9762-6FDC77FD697E}\Forward	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4EFF8AA2-D7FC-4916-9D54-166B43A5B688}\Forward\ = "{750D6A09-A605-4EC0-96ED-FE95340C09AD}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8480C6B3-F952-474D-9277-C975E1D57870}\ = "iCache"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{30E10FAD-C9B2-4FE7-B279-402D1066C17F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2768	SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2768

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads