e7dfb68d9c976d97cdcfe16337836526792b0d679b2f4a661f96d02d134ccd78

Analysis

max time kernel
178s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0104b3b455ebf432e1e682ec95251833.exe
Size

673KB
MD5

0104b3b455ebf432e1e682ec95251833
SHA1

47c8c9f05638eaef8ef6e12caddbe0d0b587185f
SHA256

e7dfb68d9c976d97cdcfe16337836526792b0d679b2f4a661f96d02d134ccd78
SHA512

94e00561835f27776e7ed4eb4c6d34f68e30dda332b1dc8802b54373c6981918faa9829afe712305f776a59e3252640aa682215ddee51539a3b6d874da0fac65
SSDEEP

12288:qEP1p+sF6e0J1jjcY1swOmGOaVmbRuulS+uj3Cq+JZX/Uq+BKVYNeoAEzkYchP:Vp8e0LjcyswMUlciN+BjPkY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3268-0-0x0000000000400000-0x000000000052E000-memory.dmp	upx
behavioral2/memory/3268-2-0x0000000000400000-0x000000000052E000-memory.dmp	upx

Modifies registry class 20 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0104b3b455ebf432e1e682ec95251833.exe"	0104b3b455ebf432e1e682ec95251833.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\0104b3b455ebf432e1e682ec95251833.eBookNSHandler\Clsid\ = "{9C453F21-396D-11D5-9734-70E252C10127}"	0104b3b455ebf432e1e682ec95251833.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\ProgID\ = "0104b3b455ebf432e1e682ec95251833.eBookNSHandler"	0104b3b455ebf432e1e682ec95251833.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\ = "ExternalNSHandler"	0104b3b455ebf432e1e682ec95251833.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0104b3b455ebf432e1e682ec95251833.exe"	0104b3b455ebf432e1e682ec95251833.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\0104b3b455ebf432e1e682ec95251833.ExternalNSHandler\Clsid\ = "{D173E10A-001D-4318-9822-8C97A8418482}"	0104b3b455ebf432e1e682ec95251833.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\ProgID\ = "0104b3b455ebf432e1e682ec95251833.ExternalNSHandler"	0104b3b455ebf432e1e682ec95251833.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\ProgID	0104b3b455ebf432e1e682ec95251833.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\0104b3b455ebf432e1e682ec95251833.eBookNSHandler	0104b3b455ebf432e1e682ec95251833.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\0104b3b455ebf432e1e682ec95251833.eBookNSHandler\ = "eBookNSHandler"	0104b3b455ebf432e1e682ec95251833.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\0104b3b455ebf432e1e682ec95251833.eBookNSHandler\Clsid	0104b3b455ebf432e1e682ec95251833.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\LocalServer32	0104b3b455ebf432e1e682ec95251833.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}\LocalServer32	0104b3b455ebf432e1e682ec95251833.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\0104b3b455ebf432e1e682ec95251833.ExternalNSHandler\ = "ExternalNSHandler"	0104b3b455ebf432e1e682ec95251833.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\0104b3b455ebf432e1e682ec95251833.ExternalNSHandler\Clsid	0104b3b455ebf432e1e682ec95251833.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\ = "eBookNSHandler"	0104b3b455ebf432e1e682ec95251833.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D173E10A-001D-4318-9822-8C97A8418482}	0104b3b455ebf432e1e682ec95251833.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\0104b3b455ebf432e1e682ec95251833.ExternalNSHandler	0104b3b455ebf432e1e682ec95251833.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}	0104b3b455ebf432e1e682ec95251833.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\ProgID	0104b3b455ebf432e1e682ec95251833.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3268	0104b3b455ebf432e1e682ec95251833.exe
3268	0104b3b455ebf432e1e682ec95251833.exe

C:\Users\Admin\AppData\Local\Temp\0104b3b455ebf432e1e682ec95251833.exe
"C:\Users\Admin\AppData\Local\Temp\0104b3b455ebf432e1e682ec95251833.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3268-0-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/3268-1-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/3268-2-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/3268-4-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads