8afdb16106d3f3da6d72fd5d486d1ebeb6b37aa3d14f335e6ba836a3738e59e5

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.9c09546d7850f8fe8490c7c526008180.exe
Size

28KB
MD5

9c09546d7850f8fe8490c7c526008180
SHA1

0199bc88daf4068c43f4114dfe94fd3fffdefeda
SHA256

8afdb16106d3f3da6d72fd5d486d1ebeb6b37aa3d14f335e6ba836a3738e59e5
SHA512

e11b17085b04f6f8e0bbccc99767a4ff05b5c48f6e02c0b2c14d71402762a08c8aa932cd89846894f38cb91651afcf731c112edbdd2ecdc9a76a8293fc765298
SSDEEP

192:/TwDjjkO3qSvlst5v0WL8xhdK90S3pE2W+wzY:/T0AnSvOQT20S3pE28

Score

1^/10

Malware Config

Signatures

Modifies registry class 44 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{C6574792-F07B-4D5A-9898-BD6A8142FFD7}\22.0\0	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{C6574792-F07B-4D5A-9898-BD6A8142FFD7}\22.0\0\win32	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{C6574792-F07B-4D5A-9898-BD6A8142FFD7}\22.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}\VERSION\ = "34.0"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{C6574792-F07B-4D5A-9898-BD6A8142FFD7}\22.0\FLAGS\ = "0"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\ = "_ThinFileIO"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{C6574792-F07B-4D5A-9898-BD6A8142FFD7}\22.0\FLAGS	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\ProxyStubClsid32	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\TypeLib\ = "{C6574792-F07B-4D5A-9898-BD6A8142FFD7}"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}\LocalServer32	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}\Programmable	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{C6574792-F07B-4D5A-9898-BD6A8142FFD7}	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{C6574792-F07B-4D5A-9898-BD6A8142FFD7}\22.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.9c09546d7850f8fe8490c7c526008180.exe"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.9c09546d7850f8fe8490c7c526008180.exe"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ThinFiles.ThinFileIO\Clsid\ = "{BEBF4B5B-508F-4502-8B23-90B24CF4054D}"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{C6574792-F07B-4D5A-9898-BD6A8142FFD7}\22.0	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}\ProgID\ = "ThinFiles.ThinFileIO"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}\TypeLib\ = "{C6574792-F07B-4D5A-9898-BD6A8142FFD7}"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}\Implemented Categories	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{C6574792-F07B-4D5A-9898-BD6A8142FFD7}\22.0\HELPDIR	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\ = "_ThinFileIO"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}\TypeLib	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}\VERSION	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\ProxyStubClsid	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{C6574792-F07B-4D5A-9898-BD6A8142FFD7}\22.0\ = "ThinFiles"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\TypeLib\Version = "22.0"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\ProxyStubClsid32	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\TypeLib\Version = "22.0"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}\ = "ThinFiles.ThinFileIO"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBF4B5B-508F-4502-8B23-90B24CF4054D}\ProgID	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ThinFiles.ThinFileIO	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ThinFiles.ThinFileIO\ = "ThinFiles.ThinFileIO"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\TypeLib	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ThinFiles.ThinFileIO\Clsid	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\TypeLib\ = "{C6574792-F07B-4D5A-9898-BD6A8142FFD7}"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\TypeLib	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}\ = "ThinFileIO"	NEAS.9c09546d7850f8fe8490c7c526008180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{83BB9F17-5294-4CFC-90C4-1ADF47FA8B5F}	NEAS.9c09546d7850f8fe8490c7c526008180.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2120	NEAS.9c09546d7850f8fe8490c7c526008180.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.9c09546d7850f8fe8490c7c526008180.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9c09546d7850f8fe8490c7c526008180.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2120

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads