89a075f9e18e9e0c9f79ecf3798a1650e8d8a48128f027b62560fd7c57682222

Analysis

max time kernel
1184s
max time network
1168s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 10:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

emule.exe
Size

9.1MB
MD5

06c93aef03c9b150c2738052e906250b
SHA1

26600394e1bf9d567ef91b415499277c0e354055
SHA256

a40a10c972b58cbdcc9413b152ab43b519917f6fc1be14c73c72c2dee94cc0c6
SHA512

2f1f48f12318a23d05ec2750fd4cb663737e6ad7e7106bc6e87e015f55ca9cd5bd61759b3ba12ba5880ce7145eea862c1578e9be25829662cac05ea2ae5912a8
SSDEEP

98304:bFuywC4U0ZTlFieXvRFLcSKEnPt/VRwJraShhT5bbML4VENIO:bwemTl9FbKEn1NMr7bbMch

Score

1^/10

Malware Config

Signatures

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\ed2k\shell\open\command	emule.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\ed2k\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\emule.exe\" \"%1\""	emule.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\ed2k\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\emule.exe"	emule.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\ed2k\ = "URL: ed2k Protocol"	emule.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\ed2k\URL Protocol	emule.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\ed2k	emule.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\ed2k\shell	emule.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\ed2k\shell\open	emule.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\ed2k\DefaultIcon	emule.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1868	emule.exe
1868	emule.exe
1868	emule.exe
1868	emule.exe
1868	emule.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
1868	emule.exe
1868	emule.exe
1868	emule.exe
1868	emule.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1868	emule.exe
1868	emule.exe
1868	emule.exe
1868	emule.exe
1868	emule.exe
1868	emule.exe

C:\Users\Admin\AppData\Local\Temp\emule.exe
"C:\Users\Admin\AppData\Local\Temp\emule.exe"
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
46ebbde24a9f779d0d15a6e933f19abe

SHA1
a0445001661aa2201823f5d51f85334cbb1d6d05

SHA256
955482f0e96a43be65c690bc4344dfb8418f2effc75086fc7718cbf3e9158ad5

SHA512
3f166ec57c1e748ada1c9c233bd18e7778864424166fad4e535811f7ff3bf0052e576aa7858f46c0593f401b805bfc3a47e4d620ea915d60a1b63249a311c88e

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
88124944a00954bd09e2154aaf932f1a

SHA1
fd2ce0017e4c44224b58932465447223671ecca3

SHA256
25c60631bf5134c27f9d129d825cdf40f99a55a2b05fc01de12aaf3751f4eeaf

SHA512
9426c992be89dae0931f71f184f153c58e26dac546938b14c9f54abcee27ecf8cf3c5d940f6311910bae329634f3b9be353a00e7b62c25ace304cb06c5086ff5

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
a28005f04529c7e31e533ebff9db9014

SHA1
36c465d6484a700690a70dc55b83796bc83e7d41

SHA256
3c1f6bf7411b8221ef3319f787bcf27398f60532354670f05d245777f046f3a6

SHA512
2a259d4fe913e69f1b7033ac5284c78f7cde64f468262e477ed7b74f2e7789088da69770f06cb8d84dd3c61913df26599f44cb68e13533b193254414259ec876

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
d8976e0e4bcc98f920b77ffb2cba34ac

SHA1
2bc4b9f0fc5320e15e935a59adfd08faaf377961

SHA256
85e060b6d334afa80d0298aef186f42ac7a6647aebebb300cdc1676f0e440dcf

SHA512
205f7fe8533728af447b3e86bb8e977216f940b15a823c5bb8920d230ffa401599145b2e3a3399b1f2cf3e49700339b2c054bfdc83f7babb9b7bc14efdcf232c

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
0c04b1b479e0ccb46fa58e567e8b4804

SHA1
2a6017712cd0b9172baac3d63f43694437168fd1

SHA256
6fbd576e229e35d8fce4568bbc0dc9e55862eac468d8a610b83895cee7793869

SHA512
66c5e4930091d7235699558849bb607e9efe2e21f250c347e7202e42b176a12f715c000a8e3473e0c7881a419c2f5665eee9321d08d82bab026b607bef87ce7d

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
812B

MD5
e09f889d1ba807bdf6dc1cb7457b44d9

SHA1
194fe3662357ff0f8e165de882791a2a1af5d76c

SHA256
7272a491d35d0d6973436aa108de6861a7abdc3d3c6b535fffcaf9a37a8c5603

SHA512
f3fdb561b1a32af48b1d6ba43aaec56a8e0db8034700a26f083b8fae1db64be2412952d9c160ef8fcece48665f1359ab6489338a12de3c48f921c7b60f828edc

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
f9b83aedcef2506eff24ad74bf64726d

SHA1
871705fb2ab65e9c0ea37bf6823663009a05ffa7

SHA256
2f73213d6649db9510c19a5544d4849baa5a9face020fc5ac1f6a2141a120558

SHA512
333be266410358b1c385177a2a1fdecf03b4fc30bab985414cefae7b06d4ad7428c1738622335397744c8388d93017ee285d34d0d5e0f937d8cd19591c6010e2

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
9311371e7801fced55c471f6bf0ae757

SHA1
ac17ff001f13d4f72ea19c830ee2091ed707f110

SHA256
a4534023beda4f4c95c23f66bcb317989245733c89b7ed0add49be40da1fe343

SHA512
9b676ee5322ac32b96e211cfa625e428205f5d6df786cd2c07aa43201faef47d495f8b9f57087880dd96abf60057f2ab5fd14ec849b20a3f0e28d7e28b3c6d06

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
dc7f6707da5c83443180679ee837bbed

SHA1
0a7e4dbcda7c1477540c7a7b7e6e94de75522ee3

SHA256
dc9aa825d14cf932c53cb651525d3c8965991772d0cf8bdeccab2ad20abc513f

SHA512
d317ef8b7a3232c64e76dad35e779bfeadfaa3fa4477e74db40319ed5041c285c73df3d47846d153ee105919d6a86a777bff1e876e8fdc64cbc25bca145220f3

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
9baf23d90e029935b884653dad4de6f8

SHA1
2500e1f5a330660d01e30f58b2fce1f88bc77a5c

SHA256
84dfbd0453038ab574cc6617bc6da1c010caa66e82e36fd0ae7968201d9d4dda

SHA512
e2e1e652d80eaa5c3edae9b0dbc928627f3c7bb45f8b489d66a827f5cd3e5176077de8a88498fd3764a1633a054f9c00156da6fd9c10903a9d7cc0c875d83789

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
3af4f9c57cd4881529962e51900777e6

SHA1
7b495ccd152aa8186f3e9589a1aced8dbd967e93

SHA256
bd21d861e4892f2687098b6bc1ac22db5b0f1cd1a1569d94225dfc23af279566

SHA512
37505177a0fb20a139284b0352d21582e420f0b57b9c98df1c6bf482e15dbe77b250dd2766ff1fa53ef9a8f855e43c21194aed260679f66c80d213f89eb300bd

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
17bbb93875a1ea9e0d1301b1b672176b

SHA1
7bc785e5ed44fe181924fd8b6611801f4c98a6e1

SHA256
74516477460f546334b6d8dff2b2563e085c1c26a658538c3da378c187c3fad0

SHA512
4017421941fca3473c561dcf9d604fc9bf98742e09b66085ff180f0b36a50808f039cfd5985fb692148c0f8b561860bd1387c7684b39318c3eb85906195ce83f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads