8f1a49544decb8ece3aed3a8ec474915b164221aa9f48d4f76bcc804d97d8ad1

Analysis

max time kernel
160s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

orange/Type.exe
Size

1.0MB
MD5

9d472a5d8136f273d5dbdd878de3be0d
SHA1

81470da10a1c0f177224278f4ffb31e374593eec
SHA256

3556a2ecdc73913666dfe4edc4fa22b7521441661701e1bca2625e92bf199a55
SHA512

8d9ab81e0ff3aaca3cff69fda86878a0883bbb05307820a4b3634815ef59bf1ead61154ec862312b15f4bf6f6938943970cd078da143c1870082b9331ebfd20a
SSDEEP

24576:t1pJb2FvJOMAKy65K+Z1TTAs7VTC1x3fkySbElrbBlRwbNo:t1pKxOPzf+Z1YCEx3fkySb+rbBl6x

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 32 IoCs

pid	Process
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\orange\\MSINET.OCX"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\orange\\MCI32.OCX"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS\ = "2"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{09AEDAC3-396D-4BE7-A2D0-6D540964E651}	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MCI.MMControl\ = "Microsoft Multimedia Control, version 6.0"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AE8F14D1-02B2-4C00-A460-88D89D59F447}\TypeLib	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BCEC1193-8E9F-4AB7-B1DD-BF9D3896B274}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BCEC1193-8E9F-4AB7-B1DD-BF9D3896B274}\TypeLib\Version = "1.0"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7ABC220-DF71-11CF-8E74-00A0C90F26F8}\ = "Imci"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\ = "Microsoft Winsock Control 6.0 (SP6)"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}\ = "Microsoft Multimedia Control, version 6.0"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}\InprocServer32	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACD4732E-2B7C-40C1-A56B-078848D41977}\1.0\HELPDIR	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\ = "0"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9D6E41C4-9A25-4C02-AE41-B87F6C1805FA}\ProxyStubClsid32	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C1A8AF27-1257-101B-8FB0-0020AF039CA3}\TypeLib	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9D6E41C4-9A25-4C02-AE41-B87F6C1805FA}	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9D6E41C4-9A25-4C02-AE41-B87F6C1805FA}\ProxyStubClsid32	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCEC1193-8E9F-4AB7-B1DD-BF9D3896B274}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64F1519C-5E02-41DD-8948-AB8D9BDF8589}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\orange\\Image.ocx"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ = "Microsoft Internet Transfer Control 6.0 (SP6)"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9D6E41C4-9A25-4C02-AE41-B87F6C1805FA}\TypeLib\ = "{ACD4732E-2B7C-40C1-A56B-078848D41977}"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}\Control	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.1"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\CLSID	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ProgID\ = "MSWinsock.Winsock.1"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACD4732E-2B7C-40C1-A56B-078848D41977}\1.0	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AE8F14D1-02B2-4C00-A460-88D89D59F447}	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{09AEDAC3-396D-4BE7-A2D0-6D540964E651}\MiscStatus\ = "0"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Version	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{113FF3A0-5FCF-48FC-BFC4-5999A87A7092}\TypeLib\Version = "1.0"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCEC1193-8E9F-4AB7-B1DD-BF9D3896B274}\TypeLib	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID\ = "InetCtls.Inet"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C1A8AF27-1257-101B-8FB0-0020AF039CA3}\ProxyStubClsid32	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9D6E41C4-9A25-4C02-AE41-B87F6C1805FA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B7ABC220-DF71-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{64F1519C-5E02-41DD-8948-AB8D9BDF8589}\ = "ImageX.ppgSourceImage"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B4565341-B998-4E76-AC5D-65614FCC791E}\TypeLib	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BCEC1193-8E9F-4AB7-B1DD-BF9D3896B274}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	Type.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1\CLSID\ = "{248DD896-BB45-11CF-9ABC-0080C7E7B78D}"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{113FF3A0-5FCF-48FC-BFC4-5999A87A7092}\TypeLib\ = "{ACD4732E-2B7C-40C1-A56B-078848D41977}"	Type.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C1A8AF27-1257-101B-8FB0-0020AF039CA3}\TypeLib\ = "{C1A8AF28-1257-101B-8FB0-0020AF039CA3}"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}\MiscStatus\ = "0"	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	Type.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B4565341-B998-4E76-AC5D-65614FCC791E}\VERSION	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9D6E41C4-9A25-4C02-AE41-B87F6C1805FA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Type.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\orange\\MSINET.OCX, 1"	Type.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2116	Type.exe
2116	Type.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2116	Type.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe
2116	Type.exe

C:\Users\Admin\AppData\Local\Temp\orange\Type.exe
"C:\Users\Admin\AppData\Local\Temp\orange\Type.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\orange\cache.ini

Filesize
1KB

MD5
d5a70738070f11e5709a384889536b59

SHA1
80c0cefc826bea70fde75dbfe54176686e97d4fb

SHA256
ff31e347855df8f63116a11b7e6933884e3804325057bfdddf824e91de7a58de

SHA512
cbb92f6ac7178a530400d5af152a4f309b2eb84e39443db311f0d7f72c5d43d49df10ac3fdd5376b8734876b244c32bfd9c522c2ecbf51d3d26c94bc840e0c01

Download Submit
C:\Users\Admin\AppData\Local\Temp\orange\cache.ini

Filesize
1KB

MD5
a0f48e9a5b121f335ab98e7a5811beb1

SHA1
4252502ad051313c0fff5f65a590445a966b5c26

SHA256
80554f614cbff5006d1e1128150e9323f944f2d0070f515a487a95ff0dd0da52

SHA512
a57988e4dd7da4863f81c4822532f4f0c75ae02c8d3c082c6f57160f038d4c200e3cfe37d194174cbee3e3aa98610ffa5fdf2e77fd8fca89d96a9de0642c1193

Download Submit
C:\Users\Admin\AppData\Local\Temp\orange\skins\skin.ini

Filesize
383B

MD5
0d96b8fae970f6e00c977b17181029ea

SHA1
09bd18f48bd72c72bd51cfda0f158185fa26eef2

SHA256
88d74c62f4c08c369855c8586636b5f08dd160cca9c56e6a1a3d1c56f6befec1

SHA512
518348bf472ba401f21b8e3bd2b4b836dafbf95d6656af6baa71e09e1a44c2bd050cf3f6f1592d979bb37e39eae92b6d9948bfe700bca5e701b2bfa2ecb3895e

Download Submit
memory/2116-13080-0x0000000021580000-0x0000000021600000-memory.dmp

Filesize
512KB

Download
memory/2116-13082-0x0000000021580000-0x0000000021600000-memory.dmp

Filesize
512KB

Download
memory/2116-13070-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/2116-13071-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/2116-13072-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/2116-13073-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/2116-13076-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/2116-13077-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/2116-13079-0x0000000021580000-0x0000000021600000-memory.dmp

Filesize
512KB

Download
memory/2116-0-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/2116-13081-0x0000000021580000-0x0000000021600000-memory.dmp

Filesize
512KB

Download
memory/2116-13069-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/2116-5884-0x0000000077230000-0x00000000772AA000-memory.dmp

Filesize
488KB

Download
memory/2116-13108-0x0000000004F70000-0x0000000004FC7000-memory.dmp

Filesize
348KB

Download
memory/2116-13109-0x0000000004F70000-0x0000000004FC7000-memory.dmp

Filesize
348KB

Download
memory/2116-13110-0x0000000004500000-0x0000000004501000-memory.dmp

Filesize
4KB

Download
memory/2116-13111-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/2116-13112-0x0000000021580000-0x0000000021600000-memory.dmp

Filesize
512KB

Download
memory/2116-3875-0x0000000076280000-0x0000000076420000-memory.dmp

Filesize
1.6MB

Download
memory/2116-1-0x0000000076060000-0x0000000076275000-memory.dmp

Filesize
2.1MB

Download
memory/2116-13133-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/2116-13138-0x0000000004F70000-0x0000000004FC7000-memory.dmp

Filesize
348KB

Download