04758db8553c2e207871021008fdba4a99576d3dfc9a1a42bbdfddf2448e333d

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/01/2024, 20:12

Target

3ef813d3b06de0d718960ee0b3cac240.exe
Size

107KB
MD5

3ef813d3b06de0d718960ee0b3cac240
SHA1

0358d69e1bb21aba314832be52aed676511d7224
SHA256

04758db8553c2e207871021008fdba4a99576d3dfc9a1a42bbdfddf2448e333d
SHA512

293d0af7a8dea9e7d32aea0a9f235c8d1eb500983c50eb392ca6bc5f1b1327118aee2eae924ba3ab0676d706ecdf49d6d6763f12879f68fc6cd4d005950652a0
SSDEEP

1536:3WU7JfGXyjPrwpw2ZCZg6oIg/g4Rx/jz6OLVSRepPk7IfsdOApw/8Wt0qfplybjO:H1xUpgZ2J/g4n/FsRecP5pI8WRpyK

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2532	3ef813d3b06de0d718960ee0b3cac240.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Debug\B831406A9770.dll	3ef813d3b06de0d718960ee0b3cac240.exe
File opened for modification	C:\Windows\Debug\B831406A9770.dll	3ef813d3b06de0d718960ee0b3cac240.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}	3ef813d3b06de0d718960ee0b3cac240.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\ = "fsvdf"	3ef813d3b06de0d718960ee0b3cac240.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32	3ef813d3b06de0d718960ee0b3cac240.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ = "C:\\Windows\\Debug\\B831406A9770.dll"	3ef813d3b06de0d718960ee0b3cac240.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ThrEaDiNgModEL = "aPaRTmEnT"	3ef813d3b06de0d718960ee0b3cac240.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2532	3ef813d3b06de0d718960ee0b3cac240.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1308	2532	3ef813d3b06de0d718960ee0b3cac240.exe	28
PID 2532 wrote to memory of 1308	2532	3ef813d3b06de0d718960ee0b3cac240.exe	28
PID 2532 wrote to memory of 1308	2532	3ef813d3b06de0d718960ee0b3cac240.exe	28
PID 2532 wrote to memory of 1308	2532	3ef813d3b06de0d718960ee0b3cac240.exe	28
PID 2532 wrote to memory of 2724	2532	3ef813d3b06de0d718960ee0b3cac240.exe	30
PID 2532 wrote to memory of 2724	2532	3ef813d3b06de0d718960ee0b3cac240.exe	30
PID 2532 wrote to memory of 2724	2532	3ef813d3b06de0d718960ee0b3cac240.exe	30
PID 2532 wrote to memory of 2724	2532	3ef813d3b06de0d718960ee0b3cac240.exe	30

C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
52B

MD5
79f485589be6c5807d897f83641c45f5

SHA1
cf89f8962cbb25c0a22949e6956b2f7340680f59

SHA256
7ac89c9449bb50e781081d1bee95b39f786553f79ae651638097748f926ff2ec

SHA512
409cf520741545b8674b9a2164741a0a1b00057162ee084f02e0752880995df7494ba1cbc8fedb30cae21c42b8d16cb28d9063d915732c967fdacae12b732278

Download Submit
memory/2532-0-0x0000000000400000-0x000000000043F20C-memory.dmp

Filesize
252KB

Download
memory/2532-9-0x0000000000400000-0x000000000043F20C-memory.dmp

Filesize
252KB

Download
memory/2532-21-0x0000000000440000-0x000000000046B000-memory.dmp

Filesize
172KB

Download
memory/2532-25-0x0000000000440000-0x000000000046B000-memory.dmp

Filesize
172KB

Download
memory/2532-24-0x0000000000400000-0x000000000043F20C-memory.dmp

Filesize
252KB

Download