d0a90ec662a022223c6ac1d9837e0310501d472ca54c840a1bba4c6934976432

Analysis

max time kernel
143s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 12:40

Target

18cdc69a863bea01201639c75a10b86a.exe
Size

86KB
MD5

18cdc69a863bea01201639c75a10b86a
SHA1

2101fc7146296600f0ed6bbe84bfff21b47bd846
SHA256

d0a90ec662a022223c6ac1d9837e0310501d472ca54c840a1bba4c6934976432
SHA512

9e6b1150ca6bd64cf83464bef475a6fb8ed6bf8fb735b1d478a356d903c123b5ed3830585c9ada8c35071c9bd8d96fe83750248629625d56a8fbb073ddd93f6f
SSDEEP

1536:S5/bPR3AB78pZxtb0x9GMlxdBxvooFiJJxemPKFKty83tnSrmrSgZzeQSQz:SNP1AB78pr6OMlpx3FCPPrvtnSySgteg

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
2228	18cdc69a863bea01201639c75a10b86a.exe
2228	18cdc69a863bea01201639c75a10b86a.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\HELP\F3C74E3FA248.dll	18cdc69a863bea01201639c75a10b86a.exe
File opened for modification	C:\Windows\HELP\F3C74E3FA248.dll	18cdc69a863bea01201639c75a10b86a.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}	18cdc69a863bea01201639c75a10b86a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\ = "SSUUDL"	18cdc69a863bea01201639c75a10b86a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32	18cdc69a863bea01201639c75a10b86a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ = "C:\\Windows\\HELP\\F3C74E3FA248.dll"	18cdc69a863bea01201639c75a10b86a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ThreadingModel = "Apartment"	18cdc69a863bea01201639c75a10b86a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2228	18cdc69a863bea01201639c75a10b86a.exe

C:\Windows\Help\F3C74E3FA248.dll

Filesize
69KB

MD5
82b40f113b6a7fff853c2335487cfa00

SHA1
adf1f67c68c14d7588d791415f3b91aeb6f3b173

SHA256
58d62dab8b73741c000a1348a6f7172dbd904d8fc581ab47a4b814fbbb22f66a

SHA512
adbae524b3bc7b4deee329e61ea5fc41c7567dd2dc1b2384eaea5c981bed75016e203d046ac266ea3094391c24d2a56add444f28da039a58cb1de8d5226e1b98

Download Submit
memory/2228-0-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2228-6-0x00000000022D0000-0x0000000002319000-memory.dmp

Filesize
292KB

Download
memory/2228-9-0x00000000022D0000-0x0000000002319000-memory.dmp

Filesize
292KB

Download
memory/2228-10-0x00000000022D0000-0x0000000002319000-memory.dmp

Filesize
292KB

Download
memory/2228-11-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2228-12-0x00000000022D0000-0x0000000002319000-memory.dmp

Filesize
292KB

Download