4d3652fd89824157479660204648f005f8ea35f1aca2662c2e642cf5accf95d3

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:41

Target

163c533ac5d98827946d63c57bd9e408.exe
Size

10KB
MD5

163c533ac5d98827946d63c57bd9e408
SHA1

69d795a0ca4dc7c34314c44f3268bba608bf7f7b
SHA256

4d3652fd89824157479660204648f005f8ea35f1aca2662c2e642cf5accf95d3
SHA512

46f7119ffbba1369757e65b1356110b5ee1ffa5d28df662d5f7b9c7e970949c4582049fb76c6083f29cdda1abb2db229465311e2e68042ff3123fd0667cb1ceb
SSDEEP

192:IT+rm4D1NMymRMAE9IxLdUXFKV1cHVGDhsa/kgUwur:IT+KsWFM39IxIkV6t

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\riapri.dll	163c533ac5d98827946d63c57bd9e408.exe
File created	C:\Windows\SysWOW64\riapri.dll	163c533ac5d98827946d63c57bd9e408.exe

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{152D2432-37A2-324F-2A54-21BF5CF2F1A1}\InprocServer32\ThreadingModel = "Apartment"	163c533ac5d98827946d63c57bd9e408.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{152D2432-37A2-324F-2A54-21BF5CF2F1A1}\InprocServer32	163c533ac5d98827946d63c57bd9e408.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	163c533ac5d98827946d63c57bd9e408.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	163c533ac5d98827946d63c57bd9e408.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{152D2432-37A2-324F-2A54-21BF5CF2F1A1}	163c533ac5d98827946d63c57bd9e408.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{152D2432-37A2-324F-2A54-21BF5CF2F1A1}\InprocServer32\ = "C:\\Windows\\SysWow64\\riapri.dll"	163c533ac5d98827946d63c57bd9e408.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2996	163c533ac5d98827946d63c57bd9e408.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2668	2996	163c533ac5d98827946d63c57bd9e408.exe	28
PID 2996 wrote to memory of 2668	2996	163c533ac5d98827946d63c57bd9e408.exe	28
PID 2996 wrote to memory of 2668	2996	163c533ac5d98827946d63c57bd9e408.exe	28
PID 2996 wrote to memory of 2668	2996	163c533ac5d98827946d63c57bd9e408.exe	28

C:\DeleteFileDos.bat

Filesize
176B

MD5
656da6bd53be9d048af4fb2e360cc4a8

SHA1
780490d1f5a14709f4a7301671df55024fb46839

SHA256
70263262c8bd81e56eede708772bd9c669cefcb68fae3601e5af381f47ce90b6

SHA512
b45a7e7d2a191428ed6df5f82bd808d317a27be217ae8566416ab20b143cdd2c2fbecee9a67b25e31e9eed5f9a32b4f3e28505900815c66e641a43f832ba27c6

Download Submit
C:\Windows\SysWOW64\riapri.dll

Filesize
15KB

MD5
4ae13fc187880d4265698e5b0b5603b8

SHA1
4362a23286dda62073b430b95100067a8c346f5d

SHA256
b47b11c9ce2d4e570024948781ddadee558e33578d3504f058b45c5b70c27c32

SHA512
b46457c65e164ab7923e6613295ff6077597c7d1a2db5fe3fae38eeb231561d8eb6c3046175656c560103361d4a4c6b8cc6b0475aec6d1a511ea5f01b1839191

Download Submit
memory/2996-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2996-18-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download