058740dfc47122c2c825f7302c851fab52eb2fb6f73e1f84b1e3cdef8d0638ea

Analysis

max time kernel
0s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0bd654b036bad3e69298f34d572d11a2.exe
Size

338KB
MD5

0bd654b036bad3e69298f34d572d11a2
SHA1

6b3a66bb78e42acb2b11bea3f65dc793599aadf6
SHA256

058740dfc47122c2c825f7302c851fab52eb2fb6f73e1f84b1e3cdef8d0638ea
SHA512

17bf223c9b0301d32e347509a5b3cca2d751d89d0563bcf34cd3d19079825dae9e7382c9c4604f56bf6423ecdaa302468922182584327321aa221e82110a6c77
SSDEEP

6144:cax7rSEnHK2YNn6wuchTAbhQBHwqCL9xe5drhQ3UVt2S8R5AJBu302223Q:cax7rSEHK2Yx6wuchTAFYHwvk9Q3E2Fq

Score

1^/10

Malware Config

Signatures

Modifies registry class 46 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib\ = "{00947C9A-6E5C-46FD-BAB6-68C560E086BC}"	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib\Version = "1.0"	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XmBsb.Inst.1	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XmBsb.Inst.1\CLSID	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\0bd654b036bad3e69298f34d572d11a2.exe\""	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00947C9A-6E5C-46FD-BAB6-68C560E086BC}\1.0\ = "InstallerLib"	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ = "IBoot"	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib\Version = "1.0"	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XmBsb.Inst.1\ = "Inst Class"	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XmBsb.Inst\ = "Inst Class"	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XmBsb.Inst\CurVer\ = "XmBsb.Inst.1"	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\VersionIndependentProgID	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00947C9A-6E5C-46FD-BAB6-68C560E086BC}	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\ = "Inst Class"	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00947C9A-6E5C-46FD-BAB6-68C560E086BC}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0bd654b036bad3e69298f34d572d11a2.exe"	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00947C9A-6E5C-46FD-BAB6-68C560E086BC}\1.0\HELPDIR	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XmBsb.Inst	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\LocalServer32	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\Version\ = "1.0"	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid32	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid32	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\Programmable	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00947C9A-6E5C-46FD-BAB6-68C560E086BC}\1.0	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00947C9A-6E5C-46FD-BAB6-68C560E086BC}\1.0\FLAGS\ = "0"	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00947C9A-6E5C-46FD-BAB6-68C560E086BC}\1.0\0	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00947C9A-6E5C-46FD-BAB6-68C560E086BC}\1.0\0\win32	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XmBsb.Inst.1\CLSID\ = "{045161B3-F8FF-4C14-A170-046162061659}"	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\ProgID\ = "XmBsb.Inst.1"	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\TypeLib	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00947C9A-6E5C-46FD-BAB6-68C560E086BC}\1.0\FLAGS	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ = "IBoot"	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\ProgID	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0bd654b036bad3e69298f34d572d11a2.exe"	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\TypeLib\ = "{00947C9A-6E5C-46FD-BAB6-68C560E086BC}"	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\Version	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00947C9A-6E5C-46FD-BAB6-68C560E086BC}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	0bd654b036bad3e69298f34d572d11a2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XmBsb.Inst\CurVer	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045161B3-F8FF-4C14-A170-046162061659}\VersionIndependentProgID\ = "XmBsb.Inst"	0bd654b036bad3e69298f34d572d11a2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib\ = "{00947C9A-6E5C-46FD-BAB6-68C560E086BC}"	0bd654b036bad3e69298f34d572d11a2.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1728	0bd654b036bad3e69298f34d572d11a2.exe
1728	0bd654b036bad3e69298f34d572d11a2.exe

C:\Users\Admin\AppData\Local\Temp\0bd654b036bad3e69298f34d572d11a2.exe
"C:\Users\Admin\AppData\Local\Temp\0bd654b036bad3e69298f34d572d11a2.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1728-0-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads