28411261cb3f27081f910190d1c7742fb805185430af10131d5b39fd2e39c832

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

emule.exe
Size

5.5MB
MD5

f3f709c2d49dd6636f4ede5c2cae5448
SHA1

8e0ea03e4c38199e10a2bc12db8b2df70484111d
SHA256

06cdf814387f627a4bd05a0c68211f715bfa952423e8e8a462e1f47c11a4d20e
SHA512

7a0df912b5ddc149d770260a2e1a3f55e58ac2e9ef02883e8baa08e79261075b82955bc8e57641bb2c16983abcada2581850fafc11b92a133605127bda80513e
SSDEEP

49152:/BGoXbyOj8LePLHcPPLRCAnyOTxP9DzE4GEATLHYiipKXePi9Wxmw7b4ZC1VTWS3:rEWLHcPFCv745ATLHY1kO6g0w7b0XiG

Score

1^/10

Malware Config

Signatures

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\ed2k\shell	emule.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\ed2k\ = "URL: ed2k Protocol"	emule.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\ed2k\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\emule.exe"	emule.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\ed2k\URL Protocol	emule.exe
Key created	\REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\ed2k\shell\open\command	emule.exe
Key created	\REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\ed2k	emule.exe
Key created	\REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\ed2k\shell\open	emule.exe
Key created	\REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\ed2k\DefaultIcon	emule.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\ed2k\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\emule.exe\" \"%1\""	emule.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3972	emule.exe
3972	emule.exe
3972	emule.exe
3972	emule.exe
3972	emule.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3972	emule.exe
3972	emule.exe
3972	emule.exe
3972	emule.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3972	emule.exe
3972	emule.exe
3972	emule.exe
3972	emule.exe

C:\Users\Admin\AppData\Local\Temp\emule.exe
"C:\Users\Admin\AppData\Local\Temp\emule.exe"
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\eMule\config\preferences.ini

Filesize
26B

MD5
ec0280f3f439c6febb6b49883c5c100e

SHA1
642fe5a3945184440c48368e92c0d6be4c195326

SHA256
f124bff0c7833f05418d9980d994152346329d8ca56d080840859aca3a78f151

SHA512
cb5e24ed70c9228eeb0028be1ed1cd69c1bc7961f203290a6fa9b0f55780167ca4d989ce09a2f654504da5bcc9e4ce79ea4f5121680a62fb65bcf929f109f5fc

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
812B

MD5
e09f889d1ba807bdf6dc1cb7457b44d9

SHA1
194fe3662357ff0f8e165de882791a2a1af5d76c

SHA256
7272a491d35d0d6973436aa108de6861a7abdc3d3c6b535fffcaf9a37a8c5603

SHA512
f3fdb561b1a32af48b1d6ba43aaec56a8e0db8034700a26f083b8fae1db64be2412952d9c160ef8fcece48665f1359ab6489338a12de3c48f921c7b60f828edc

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
dca5ea21fc626a457c23bdcfae5ece8f

SHA1
78bf040981d68f48ffad7e1f8112e9a66d6bead6

SHA256
051bb5dad4823ca23cb7233c97ca894971886c6913e9fcb3a7f163f218cfd44b

SHA512
820f0e0d187c4eefe8c652089688187699ce2eeaa7c22deccc5bfff1d20937208aaa253223ecc45053f29f814650d795cd09a41a258520fa4984e198cde4063d

Download Submit
C:\Users\Admin\AppData\Local\eMule\config\statistics.ini

Filesize
1KB

MD5
43f30c0ee815f1bc41a9588a79643dc1

SHA1
7a4d344353d7204d96eea0d02c7da123a6ac45dd

SHA256
7f93e610eec9d6ecb1723aa3ab4fbb46bdc2598d8f0a40c649238b58f0785f31

SHA512
593547c05747593bf6eeeb5eb45ad02ea5849e4482e2f807175a72c851a303802e4fcd213e06c54d41edbb6693ef86815af0c46506785f78f5d86e6b96df59f5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads