7325f355d4b5906dfd97cf943e17ba4921c30bc8e54925128542267e9d287bb8

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:59

Target

2921d2e2f6f10c0c69a4b09a100b466c.exe
Size

73KB
MD5

2921d2e2f6f10c0c69a4b09a100b466c
SHA1

df9eff8e2fe1013fcd67f19c5cd3b32afa052c90
SHA256

7325f355d4b5906dfd97cf943e17ba4921c30bc8e54925128542267e9d287bb8
SHA512

a8d60a70585bfe8698452f780450162276231c3a8387aea76b111a151c33f509432439f924a839c7cfa4d5951cc3b621d151a8d8a4d8a6c55bb15504f6d5c3bc
SSDEEP

1536:hkb2IcfkBPc0Vi+9yfZFeuHB7z5iIzZB9tadyHGrjNb/fw1EzFccHM:sGkBPXyfZFeEAINwP5bnwizFc6

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2160	2921d2e2f6f10c0c69a4b09a100b466c.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Debug\B831406A9770.dll	2921d2e2f6f10c0c69a4b09a100b466c.exe
File opened for modification	C:\Windows\Debug\B831406A9770.dll	2921d2e2f6f10c0c69a4b09a100b466c.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32	2921d2e2f6f10c0c69a4b09a100b466c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ = "C:\\Windows\\Debug\\B831406A9770.dll"	2921d2e2f6f10c0c69a4b09a100b466c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ThrEaDiNgModEL = "aPaRTmEnT"	2921d2e2f6f10c0c69a4b09a100b466c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}	2921d2e2f6f10c0c69a4b09a100b466c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\ = "fsvdf"	2921d2e2f6f10c0c69a4b09a100b466c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2160	2921d2e2f6f10c0c69a4b09a100b466c.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2884	2160	2921d2e2f6f10c0c69a4b09a100b466c.exe	16
PID 2160 wrote to memory of 2884	2160	2921d2e2f6f10c0c69a4b09a100b466c.exe	16
PID 2160 wrote to memory of 2884	2160	2921d2e2f6f10c0c69a4b09a100b466c.exe	16
PID 2160 wrote to memory of 2884	2160	2921d2e2f6f10c0c69a4b09a100b466c.exe	16
PID 2160 wrote to memory of 2976	2160	2921d2e2f6f10c0c69a4b09a100b466c.exe	31
PID 2160 wrote to memory of 2976	2160	2921d2e2f6f10c0c69a4b09a100b466c.exe	31
PID 2160 wrote to memory of 2976	2160	2921d2e2f6f10c0c69a4b09a100b466c.exe	31
PID 2160 wrote to memory of 2976	2160	2921d2e2f6f10c0c69a4b09a100b466c.exe	31

C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
41B

MD5
5f749e491b2837428177939d86e61bfe

SHA1
c3298f0c3f76c24c770d0a3d4be4f75c9ba81cec

SHA256
008fcb52695195b64a31b9523f501faeddce2c957b655000e92789736acc6274

SHA512
adf21ea7f28ce7ac4e77270d20fdbac3d6a749026d3e798fe095c2de755f17730c2fbecc100e20015ab18fc9289cd6c35fb030c3a6ae18ccb5c59e1bcbde27f4

Download Submit
memory/2160-0-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2160-19-0x00000000001B0000-0x00000000001DB000-memory.dmp

Filesize
172KB

Download
memory/2160-22-0x00000000001B0000-0x00000000001DB000-memory.dmp

Filesize
172KB

Download
memory/2160-23-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download