bb0003cb7ef40ec392823fe4ca32b7f21d697991ea249f97a61d4ecade2f689b

Analysis

max time kernel
148s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 07:16

Target

4fec6b1b6b2b8cab98c7bac326241ffd.exe
Size

86KB
MD5

4fec6b1b6b2b8cab98c7bac326241ffd
SHA1

e3c630ab0825a77cccef2e235b9f4116f5274069
SHA256

bb0003cb7ef40ec392823fe4ca32b7f21d697991ea249f97a61d4ecade2f689b
SHA512

6e4de4dcf108d748da738dcde1501d6ece2f8d3be741635ed099a47fe08b920b823e74aeea132c766efe7b330478588c2a864e4105faf00f5b3ff0ad4990f82e
SSDEEP

1536:CPaqYxQoPaOo2O/OkInSqtmQLgyx8+S8UWpiPQyKDddbYJkejHW:5xFPDdOTI/maHfnXGJnq

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
3584	4fec6b1b6b2b8cab98c7bac326241ffd.exe
3584	4fec6b1b6b2b8cab98c7bac326241ffd.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\0367F945.dll	4fec6b1b6b2b8cab98c7bac326241ffd.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSINFO\0367F945.dll	4fec6b1b6b2b8cab98c7bac326241ffd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\0367F945.dat	4fec6b1b6b2b8cab98c7bac326241ffd.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSINFO\0367F945.dat	4fec6b1b6b2b8cab98c7bac326241ffd.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Help\wshmcepts.chm	4fec6b1b6b2b8cab98c7bac326241ffd.exe
File opened for modification	C:\Windows\Help\wshmcepts.chm	4fec6b1b6b2b8cab98c7bac326241ffd.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F940367-0367-F945-67F9-36794367F945}\	4fec6b1b6b2b8cab98c7bac326241ffd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F940367-0367-F945-67F9-36794367F945}\InProcServer32	4fec6b1b6b2b8cab98c7bac326241ffd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F940367-0367-F945-67F9-36794367F945}\InProcServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\MSINFO\\0367F945.dll"	4fec6b1b6b2b8cab98c7bac326241ffd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F940367-0367-F945-67F9-36794367F945}\InProcServer32\ThreadingModel = "Apartment"	4fec6b1b6b2b8cab98c7bac326241ffd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F940367-0367-F945-67F9-36794367F945}	4fec6b1b6b2b8cab98c7bac326241ffd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3584	4fec6b1b6b2b8cab98c7bac326241ffd.exe

C:\Program Files\Common Files\microsoft shared\MSInfo\0367F945.dll

Filesize
58KB

MD5
4fb179f636e36422386f6d8e803c2cb1

SHA1
1be660095e6ecdb2def1fd48b751a48bf4b4c35b

SHA256
5615312914d6df2d35d493d8b597556142e733a25466034557a26b7a3a4d20f8

SHA512
5744ef7357dfe0b9a4d74df87e257f115b5dc511153fa14f984671facd281f5c9fb32f5b8338db6f226d1405f5a666dd011f85e34cbbe1af472888413632894d

Download Submit
memory/3584-9-0x0000000000590000-0x00000000005A3000-memory.dmp

Filesize
76KB

Download
memory/3584-13-0x0000000000590000-0x00000000005A3000-memory.dmp

Filesize
76KB

Download
memory/3584-12-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download