03b233f6aa509317c8bbe9b03638d74709f3def60bdc72c707dbfbdfb60e58b6

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e811ced3128b295309a6c7f0d3a926c.exe
Size

280KB
MD5

1e811ced3128b295309a6c7f0d3a926c
SHA1

d4aaed4d74eee391ba62ff86ca8fedad9c55ff08
SHA256

03b233f6aa509317c8bbe9b03638d74709f3def60bdc72c707dbfbdfb60e58b6
SHA512

12a4178df93358b89474819f032a426bcdb26d65bf6d6307180e169bdf464a0142bf7cdb71f93946d7241626c6bc1c02435a88eddf87c592934a201dbe8b3aa3
SSDEEP

6144:CgM8LKP6Ia5mujBP6DN0SVy38PtSF/BY:5LKP6Ia5m+SVy3USp

Score

1^/10

Malware Config

Signatures

Modifies registry class 52 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}\1.1\0\win32	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}\1.1\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1e811ced3128b295309a6c7f0d3a926c.exe"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}\LocalServer32	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74A6E3A9-8CD0-11D6-9FF4-00E04C54B3B6}\Forward\ = "{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}\ProgID	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\TypeLib\Version = "1.1"	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}\ProgID\ = "K3ComXSActive.Application"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}\Implemented Categories	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}\1.1\ = "K/3(ÉÌÒµ)ÏúÊÛÏµÍ³"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}\1.1\0	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}\TypeLib\ = "{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}\TypeLib	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\K3ComXSActive.Application\Clsid\ = "{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74A6E3A9-8CD0-11D6-9FF4-00E04C54B3B6}\ProxyStubClsid	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74A6E3A9-8CD0-11D6-9FF4-00E04C54B3B6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\TypeLib	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}\VERSION	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\K3ComXSActive.Application\Clsid	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74A6E3A9-8CD0-11D6-9FF4-00E04C54B3B6}\ = "Application"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}\Programmable	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}\1.1\FLAGS\ = "0"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}\1.1\HELPDIR	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\K3ComXSActive.Application\ = "K3ComXSActive.Application"	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74A6E3A9-8CD0-11D6-9FF4-00E04C54B3B6}	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74A6E3A9-8CD0-11D6-9FF4-00E04C54B3B6}\ProxyStubClsid32	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\ = "_Application"	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\TypeLib\Version = "1.1"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74A6E3A9-8CD0-11D6-9FF4-00E04C54B3B6}\Forward	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\TypeLib\ = "{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\K3ComXSActive.Application	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\ = "Application"	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}\ = "K3ComXSActive.Application"	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}\VERSION\ = "1.1"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}\1.1	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}\1.1\FLAGS	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\ = "_Application"	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\TypeLib\ = "{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}"	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A6E3AA-8CD0-11D6-9FF4-00E04C54B3B6}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1e811ced3128b295309a6c7f0d3a926c.exe"	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74A6E3A9-8CD0-11D6-9FF4-00E04C54B3B6}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	1e811ced3128b295309a6c7f0d3a926c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74A6E379-8CD0-11D6-9FF4-00E04C54B3B6}\1.1\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\ProxyStubClsid32	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\TypeLib	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\ProxyStubClsid	1e811ced3128b295309a6c7f0d3a926c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BEDAA4C-B0B3-11D6-852C-00E04C6BD53D}\ProxyStubClsid32	1e811ced3128b295309a6c7f0d3a926c.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2332	1e811ced3128b295309a6c7f0d3a926c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2332	1e811ced3128b295309a6c7f0d3a926c.exe

C:\Users\Admin\AppData\Local\Temp\1e811ced3128b295309a6c7f0d3a926c.exe
"C:\Users\Admin\AppData\Local\Temp\1e811ced3128b295309a6c7f0d3a926c.exe"
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2332-0-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/2332-3-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads