e570a861f38efec2767fdfdeef787d0bed13fd1c7492fb6258d95ecf5e68425f

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 15:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

03cbd533e20174c94522866a82355407.exe
Size

1.9MB
MD5

03cbd533e20174c94522866a82355407
SHA1

eb8473906f575acd088e2fe0d21297680c7dce3b
SHA256

e570a861f38efec2767fdfdeef787d0bed13fd1c7492fb6258d95ecf5e68425f
SHA512

67e6d8b5b1fd49f200089bb84e39e211f8aca9a15378f396e4542a29af3b3db72153b70da8b2c7090a2665d778f2923833e92db6eed938907fdfc637c1b1b0ab
SSDEEP

49152:Gp8nE6tYUfbfnK/GOBURo9yOb7ENaSjE4pNmolzlCT9bjy0+/9rBq:X1dTSP6RiyOb70xNmAy+/9tq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4380-0-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/4380-2-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/4380-6-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/4380-8-0x0000000000400000-0x00000000004CD000-memory.dmp	upx

Modifies registry class 20 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\ProgID\ = "03cbd533e20174c94522866a82355407.ExternalNSHandler"	03cbd533e20174c94522866a82355407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\03cbd533e20174c94522866a82355407.ExternalNSHandler\Clsid	03cbd533e20174c94522866a82355407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\03cbd533e20174c94522866a82355407.ExternalNSHandler\Clsid\ = "{D173E10A-001D-4318-9822-8C97A8418482}"	03cbd533e20174c94522866a82355407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}	03cbd533e20174c94522866a82355407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\03cbd533e20174c94522866a82355407.eBookNSHandler	03cbd533e20174c94522866a82355407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\03cbd533e20174c94522866a82355407.eBookNSHandler\Clsid	03cbd533e20174c94522866a82355407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\ProgID	03cbd533e20174c94522866a82355407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\03cbd533e20174c94522866a82355407.exe"	03cbd533e20174c94522866a82355407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\LocalServer32	03cbd533e20174c94522866a82355407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\03cbd533e20174c94522866a82355407.eBookNSHandler\ = "eBookNSHandler"	03cbd533e20174c94522866a82355407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\ = "eBookNSHandler"	03cbd533e20174c94522866a82355407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\03cbd533e20174c94522866a82355407.exe"	03cbd533e20174c94522866a82355407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}	03cbd533e20174c94522866a82355407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\ = "ExternalNSHandler"	03cbd533e20174c94522866a82355407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\LocalServer32	03cbd533e20174c94522866a82355407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\03cbd533e20174c94522866a82355407.ExternalNSHandler	03cbd533e20174c94522866a82355407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\03cbd533e20174c94522866a82355407.ExternalNSHandler\ = "ExternalNSHandler"	03cbd533e20174c94522866a82355407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\ProgID	03cbd533e20174c94522866a82355407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\03cbd533e20174c94522866a82355407.eBookNSHandler\Clsid\ = "{9C453F21-396D-11D5-9734-70E252C10127}"	03cbd533e20174c94522866a82355407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\ProgID\ = "03cbd533e20174c94522866a82355407.eBookNSHandler"	03cbd533e20174c94522866a82355407.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4380	03cbd533e20174c94522866a82355407.exe
4380	03cbd533e20174c94522866a82355407.exe

C:\Users\Admin\AppData\Local\Temp\03cbd533e20174c94522866a82355407.exe
"C:\Users\Admin\AppData\Local\Temp\03cbd533e20174c94522866a82355407.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4380-0-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/4380-1-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/4380-2-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/4380-4-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/4380-6-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/4380-8-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads