Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64 arch:x86 image:win7-20231020-en locale:en-us os:windows7-x64 system -
submitted
28/11/2023, 00:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe
Resource
win7-20231020-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe
Resource
win10v2004-20231127-en
2 signatures
150 seconds
General
-
Target
ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe
-
Size
256KB
-
MD5
fd788765653b2eff3e3a624ab45408ca
-
SHA1
9ce7734e8d5f123fb6680a7a40810f8c7ed68427
-
SHA256
ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa
-
SHA512
a9057cf65c81016341cb9a8f3c1d6b5ce59e6075a8553d76ffe9da50e731cad2b3c6f94fa72917827f7d29693a0a838b3f953740d4d05a10944b39a5e3401232
-
SSDEEP
6144:Z8nqVvrQq40pn/872mfLoVoTWVTH2Yrt8OKX:ZwyDYeGfLCoTW1H26K
Score
1/10
Malware Config
Signatures
-
Modifies registry class — 64 IoCs (all under \REGISTRY\MACHINE\SOFTWARE\Classes: CLSID, Interface, TYPELIB and ProgID keys, i.e. COM/TypeLib self-registration of the sample as "SeeSaw.SeeSawObject" with LocalServer32 pointing at its own path in %TEMP%)
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DBB7118-8EB9-11D3-9354-00A02495E5BA} ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7117-8EB9-11D3-9354-00A02495E5BA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DBB7118-8EB9-11D3-9354-00A02495E5BA}\Programmable ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{F7A9A0A8-07AA-11D3-9C49-0020182C3611}\2.1 ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{F7A9A0A8-07AA-11D3-9C49-0020182C3611}\2.1\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F76B669-910C-4321-995E-E267A9B15756}\TypeLib\Version = "2.1" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F76B669-910C-4321-995E-E267A9B15756}\TypeLib\Version = "2.1" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DBB7118-8EB9-11D3-9354-00A02495E5BA}\ProgID ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DBB7118-8EB9-11D3-9354-00A02495E5BA}\VERSION\ = "2.1" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7117-8EB9-11D3-9354-00A02495E5BA}\Forward\ = 
"{95493E29-45FC-476F-B03C-DC795672FFE3}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\TypeLib\ = "{F7A9A0A8-07AA-11D3-9C49-0020182C3611}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\TypeLib\Version = "2.1" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\TypeLib\Version = "2.1" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F76B669-910C-4321-995E-E267A9B15756}\TypeLib\ = "{F7A9A0A8-07AA-11D3-9C49-0020182C3611}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F76B669-910C-4321-995E-E267A9B15756}\ = "__SeeSawObject" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F76B669-910C-4321-995E-E267A9B15756}\TypeLib ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DBB7118-8EB9-11D3-9354-00A02495E5BA}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7117-8EB9-11D3-9354-00A02495E5BA}\ProxyStubClsid ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" 
ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\TypeLib\ = "{F7A9A0A8-07AA-11D3-9C49-0020182C3611}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F76B669-910C-4321-995E-E267A9B15756}\ = "__SeeSawObject" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F76B669-910C-4321-995E-E267A9B15756}\TypeLib ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\ProxyStubClsid32 ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F76B669-910C-4321-995E-E267A9B15756}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DBB7118-8EB9-11D3-9354-00A02495E5BA}\VERSION ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7119-8EB9-11D3-9354-00A02495E5BA}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{F7A9A0A8-07AA-11D3-9C49-0020182C3611} ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\TypeLib ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F76B669-910C-4321-995E-E267A9B15756} 
ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7117-8EB9-11D3-9354-00A02495E5BA}\ProxyStubClsid32 ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{F7A9A0A8-07AA-11D3-9C49-0020182C3611}\2.1\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3} ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7119-8EB9-11D3-9354-00A02495E5BA}\ProxyStubClsid ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7119-8EB9-11D3-9354-00A02495E5BA}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7119-8EB9-11D3-9354-00A02495E5BA}\Forward ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{F7A9A0A8-07AA-11D3-9C49-0020182C3611}\2.1\FLAGS\ = "0" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7117-8EB9-11D3-9354-00A02495E5BA} ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7117-8EB9-11D3-9354-00A02495E5BA}\ = "SeeSawObject" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7117-8EB9-11D3-9354-00A02495E5BA}\Forward ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7119-8EB9-11D3-9354-00A02495E5BA}\ProxyStubClsid32 ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\ = "_SeeSawObject" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SeeSaw.SeeSawObject ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SeeSaw.SeeSawObject\ = "Creatable SeeSaw Object " ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SeeSaw.SeeSawObject\Clsid ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7119-8EB9-11D3-9354-00A02495E5BA}\ = "SeeSawObject" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{F7A9A0A8-07AA-11D3-9C49-0020182C3611}\2.1\FLAGS ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\TypeLib ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key 
created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DBB7118-8EB9-11D3-9354-00A02495E5BA}\LocalServer32 ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\ = "SeeSawObject" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3} ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\ = "_SeeSawObject" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F76B669-910C-4321-995E-E267A9B15756}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DBB7118-8EB9-11D3-9354-00A02495E5BA}\ProgID\ = "SeeSaw.SeeSawObject" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F76B669-910C-4321-995E-E267A9B15756}\ProxyStubClsid ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DBB7118-8EB9-11D3-9354-00A02495E5BA}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DBB7118-8EB9-11D3-9354-00A02495E5BA}\TypeLib ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SeeSaw.SeeSawObject\Clsid\ = "{4DBB7118-8EB9-11D3-9354-00A02495E5BA}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Key created 
\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95493E29-45FC-476F-B03C-DC795672FFE3}\ProxyStubClsid ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F76B669-910C-4321-995E-E267A9B15756}\ = "SeeSawObject" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F76B669-910C-4321-995E-E267A9B15756}\TypeLib\ = "{F7A9A0A8-07AA-11D3-9C49-0020182C3611}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DBB7118-8EB9-11D3-9354-00A02495E5BA}\ = "Creatable SeeSaw Object " ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DBB7119-8EB9-11D3-9354-00A02495E5BA}\Forward\ = "{4F76B669-910C-4321-995E-E267A9B15756}" ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe -
Suspicious use of SetWindowsHookEx — 1 IoC
pid Process
2220 ddabec34be9d1839f63a89113cc2c6be7dbb64f1b39c0444da4139741754c3aa.exe