e1f141c021c2566f4470596d4c95d0ee2a1e6b55b896af863312f61e849c832e

Analysis

max time kernel
140s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 23:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

78b14afeedefab8e8ef2f891f39107e5.exe
Size

600KB
MD5

78b14afeedefab8e8ef2f891f39107e5
SHA1

90589bbc9d10a8e02675e0dbe33b6c4c3acbf9ac
SHA256

e1f141c021c2566f4470596d4c95d0ee2a1e6b55b896af863312f61e849c832e
SHA512

816c12ce93ee8edc5eb90587e5f133173a71edeae7cbefca34f0d1f7b6a2f8ca69ce49f3b8e03b63268466e6c11a5b798673a2278b294db39df376c4fc7aa8e2
SSDEEP

12288:z88zbQ6Kd+LF0FDZb2GQaorCqXDDmrbujk8Dx+PlkV9ve:z1zU6FmyJCtblyx+PlCve

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\ = "IveApp"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\ = "{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\Version	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\ = "{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\Version\ = "1.0"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\Version = "1.0"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\Version	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\0\win32	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\runapp.veApi\Clsid\ = "{9EBF9144-C525-42FF-B499-C496C909FD83}"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\runapp.veApi	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\runapp.veFile\ = "veObjects Object"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\ProgID	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\TypeLib\ = "{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\ProgID	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ProxyStubClsid32	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\runapp.veApp	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\Version	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\Version\ = "1.0"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\TypeLib	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\0	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\ = "{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ = "IveMisc"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\Version\ = "1.0"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\FLAGS\ = "0"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\ = "{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\ = "IveApp"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\ = "{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\ = "{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ = "IveApi"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\Version	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\TypeLib	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ProxyStubClsid32	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\78b14afeedefab8e8ef2f891f39107e5.exe"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\LocalServer32	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\runapp.veFile\Clsid\ = "{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\ProgID\ = "runapp.veFile"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\Version = "1.0"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\runapp.veMisc\Clsid\ = "{80CFBE22-7CED-4A89-B601-AAD10F00C88A}"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\Version = "1.0"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ = "IveMisc"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\runapp.veApi\	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\ = "veObjects Object"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\FLAGS	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\ProgID\ = "runapp.veApi"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\78b14afeedefab8e8ef2f891f39107e5.exe"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\78b14afeedefab8e8ef2f891f39107e5.exe"	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ = "IveFile"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}	78b14afeedefab8e8ef2f891f39107e5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	78b14afeedefab8e8ef2f891f39107e5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\runapp.veFile\Clsid	78b14afeedefab8e8ef2f891f39107e5.exe

C:\Users\Admin\AppData\Local\Temp\78b14afeedefab8e8ef2f891f39107e5.exe
"C:\Users\Admin\AppData\Local\Temp\78b14afeedefab8e8ef2f891f39107e5.exe"
1⤵
- Modifies registry class
PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3036-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/3036-2-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3036-4-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads