141f9e4d789b6c955dc2f5179e776718557919462e81637e41aca48cc9c6fd75

Analysis

max time kernel
148s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2293a5b12eae2d9ce900c9c102b83861.exe
Size

332KB
MD5

2293a5b12eae2d9ce900c9c102b83861
SHA1

54425b8d746c04d78bd5453971a61d5ef30c67ce
SHA256

141f9e4d789b6c955dc2f5179e776718557919462e81637e41aca48cc9c6fd75
SHA512

335755aad350eaa949fccf750fb4ef5aef7972f58f8e85bfe79fd1c0037f9231c6a9a1e50d3be2c8cb038b87ffb1d2e12dd5fbb986cbd348178bb4b7568ed151
SSDEEP

6144:93PmlupvC1KM4yr0hPFPR5j9CQG2nEhovJLwfZTZXrHBGdTwMp/lymwT:93r6u/FPR5RzEhohMfZxhafj

Score

1^/10

Malware Config

Signatures

Modifies registry class 44 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}\TypeLib\ = "{9E01E53F-7E3F-4263-ADD2-FD99896A3559}"	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\innercuteword.innerfunctions\Clsid	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\ProxyStubClsid	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9E01E53F-7E3F-4263-ADD2-FD99896A3559}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2293a5b12eae2d9ce900c9c102b83861.exe"	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9E01E53F-7E3F-4263-ADD2-FD99896A3559}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\TypeLib\Version = "1.0"	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}\ = "innercuteword.innerfunctions"	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}\LocalServer32	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}\VERSION\ = "1.0"	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9E01E53F-7E3F-4263-ADD2-FD99896A3559}\1.0\FLAGS	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9E01E53F-7E3F-4263-ADD2-FD99896A3559}\1.0\HELPDIR	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\TypeLib\ = "{9E01E53F-7E3F-4263-ADD2-FD99896A3559}"	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\TypeLib\ = "{9E01E53F-7E3F-4263-ADD2-FD99896A3559}"	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9E01E53F-7E3F-4263-ADD2-FD99896A3559}\1.0\0	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\ = "_innerfunctions"	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\TypeLib\Version = "1.0"	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}\ProgID\ = "innercuteword.innerfunctions"	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9E01E53F-7E3F-4263-ADD2-FD99896A3559}\1.0\ = "CuteWordFuncs"	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\innercuteword.innerfunctions	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\innercuteword.innerfunctions\ = "innercuteword.innerfunctions"	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}\Implemented Categories	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9E01E53F-7E3F-4263-ADD2-FD99896A3559}\1.0\FLAGS\ = "0"	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\TypeLib	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\TypeLib	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}\Programmable	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9E01E53F-7E3F-4263-ADD2-FD99896A3559}\1.0	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9E01E53F-7E3F-4263-ADD2-FD99896A3559}\1.0\0\win32	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\ProxyStubClsid32	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2293a5b12eae2d9ce900c9c102b83861.exe"	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}\VERSION	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}\TypeLib	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\innercuteword.innerfunctions\Clsid\ = "{20387D18-70F9-484C-BF16-0461EE2EB14C}"	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9E01E53F-7E3F-4263-ADD2-FD99896A3559}	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\ = "_innerfunctions"	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\ProxyStubClsid32	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}	2293a5b12eae2d9ce900c9c102b83861.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20387D18-70F9-484C-BF16-0461EE2EB14C}\ProgID	2293a5b12eae2d9ce900c9c102b83861.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C26A62AF-B29F-45F5-9C7F-6EA9A8CC089D}\ = "innerfunctions"	2293a5b12eae2d9ce900c9c102b83861.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3852	2293a5b12eae2d9ce900c9c102b83861.exe

C:\Users\Admin\AppData\Local\Temp\2293a5b12eae2d9ce900c9c102b83861.exe
"C:\Users\Admin\AppData\Local\Temp\2293a5b12eae2d9ce900c9c102b83861.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3852-0-0x0000000000400000-0x0000000000595000-memory.dmp

Filesize
1.6MB

Download
memory/3852-1-0x0000000000400000-0x0000000000595000-memory.dmp

Filesize
1.6MB

Download
memory/3852-4-0x0000000000400000-0x0000000000595000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads