4bb9f9d1b76080ec67abf8447b5cd2409c4f3eb7ec6d7e887e2a8ee969a9f3e8

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65adcbeea19ae48adbc0cc9d5b5fec09.exe
Size

1.3MB
MD5

65adcbeea19ae48adbc0cc9d5b5fec09
SHA1

b36e23fbd6accc8f47044d6d4ad74f0d1947ad3e
SHA256

4bb9f9d1b76080ec67abf8447b5cd2409c4f3eb7ec6d7e887e2a8ee969a9f3e8
SHA512

0e1857080f03b3cbe91be9228fe2538021cbb6038aa1fb5f7934718d1f1371da1f40ea596ef06668f1516aa594790e345ee40572e13eff7eec435c2f5b2c4793
SSDEEP

24576:Gp8e0LjcyswMUl7zfXo89E9UA9Xh7+4mYpktSy7w6HKqb+vVk17PnXEXOyx+rsSN:Gp8nE6qAtE7/NTy7wkPStWDXFyIxV77P

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3988-0-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/3988-2-0x0000000000400000-0x00000000004CD000-memory.dmp	upx

Modifies registry class 20 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\65adcbeea19ae48adbc0cc9d5b5fec09.exe"	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\65adcbeea19ae48adbc0cc9d5b5fec09.ExternalNSHandler\Clsid\ = "{D173E10A-001D-4318-9822-8C97A8418482}"	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\ProgID	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\65adcbeea19ae48adbc0cc9d5b5fec09.eBookNSHandler	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\ = "eBookNSHandler"	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\LocalServer32	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\65adcbeea19ae48adbc0cc9d5b5fec09.exe"	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\65adcbeea19ae48adbc0cc9d5b5fec09.eBookNSHandler\Clsid\ = "{9C453F21-396D-11D5-9734-70E252C10127}"	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\ = "ExternalNSHandler"	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\LocalServer32	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\65adcbeea19ae48adbc0cc9d5b5fec09.ExternalNSHandler\ = "ExternalNSHandler"	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\65adcbeea19ae48adbc0cc9d5b5fec09.ExternalNSHandler\Clsid	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\ProgID	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\ProgID\ = "65adcbeea19ae48adbc0cc9d5b5fec09.eBookNSHandler"	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\65adcbeea19ae48adbc0cc9d5b5fec09.ExternalNSHandler	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\ProgID\ = "65adcbeea19ae48adbc0cc9d5b5fec09.ExternalNSHandler"	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\65adcbeea19ae48adbc0cc9d5b5fec09.eBookNSHandler\ = "eBookNSHandler"	65adcbeea19ae48adbc0cc9d5b5fec09.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\65adcbeea19ae48adbc0cc9d5b5fec09.eBookNSHandler\Clsid	65adcbeea19ae48adbc0cc9d5b5fec09.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3988	65adcbeea19ae48adbc0cc9d5b5fec09.exe
3988	65adcbeea19ae48adbc0cc9d5b5fec09.exe

C:\Users\Admin\AppData\Local\Temp\65adcbeea19ae48adbc0cc9d5b5fec09.exe
"C:\Users\Admin\AppData\Local\Temp\65adcbeea19ae48adbc0cc9d5b5fec09.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3988-0-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/3988-1-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/3988-2-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/3988-4-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads