ed3311506c8b27dbdf2521a15ca96711f8b20d84ab71aee1575aa6e7744fda18

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:50

Target

13bb7af50e49ed668e5443d2340dbd85.exe
Size

85KB
MD5

13bb7af50e49ed668e5443d2340dbd85
SHA1

0aa5d9dc38f0859fc26febe01cf1abfbf8d2fdbb
SHA256

ed3311506c8b27dbdf2521a15ca96711f8b20d84ab71aee1575aa6e7744fda18
SHA512

a4de750955b92b809e784b410e8c1d1051964f57a75fa961f57a0dfba02327c1debd22d409a3aed8f179a5f971e323d9c6a3500b42f6630a6c89e7596872974c
SSDEEP

1536:ACQHHIEgTypBrCDzcS59vdnQVjgzo2H1I+NPpEuU6XVbhc5P4NxWD:ACKIjW+DzcqnQVjGoQDNPzU6XpaF

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1732	13bb7af50e49ed668e5443d2340dbd85.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\HELP\F3C74E3FA248.dll	13bb7af50e49ed668e5443d2340dbd85.exe
File opened for modification	C:\Windows\HELP\F3C74E3FA248.dll	13bb7af50e49ed668e5443d2340dbd85.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32	13bb7af50e49ed668e5443d2340dbd85.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ = "C:\\Windows\\HELP\\F3C74E3FA248.dll"	13bb7af50e49ed668e5443d2340dbd85.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ThreadingModel = "Apartment"	13bb7af50e49ed668e5443d2340dbd85.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}	13bb7af50e49ed668e5443d2340dbd85.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\ = "SSUUDL"	13bb7af50e49ed668e5443d2340dbd85.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1732	13bb7af50e49ed668e5443d2340dbd85.exe

\Windows\Help\F3C74E3FA248.dll

Filesize
69KB

MD5
b775aa97cdd4880de82eb5b6e48ee9e2

SHA1
cba291e8d38d407b2b5d1f2193704e3858490603

SHA256
ba7b958f843dbbcdbaac8a1f13012af6c8db69ff358cfa0fef7194073f0d4a8b

SHA512
801c55e6923cd98f139588ab16253c9bd9d4976a19505ebd161a70afbe9fb9382828788d136cea49bc06ed941a1583785cade13162a143ada65a9ff822907026

Download Submit
memory/1732-6-0x0000000000220000-0x0000000000268000-memory.dmp

Filesize
288KB

Download
memory/1732-7-0x0000000000220000-0x0000000000268000-memory.dmp

Filesize
288KB

Download
memory/1732-5-0x0000000000220000-0x0000000000268000-memory.dmp

Filesize
288KB

Download
memory/1732-0-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/1732-9-0x0000000000220000-0x0000000000268000-memory.dmp

Filesize
288KB

Download
memory/1732-8-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download