9c113ec7caa9fabb41d04f0013e1ff0214bb5d3b06f4bfb3eea8dab01b1f74ee

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/02/2024, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a981481a4a82bdeaa7039912cfec1c5b.exe
Size

799KB
MD5

a981481a4a82bdeaa7039912cfec1c5b
SHA1

4097d669b2eb7c79a90d8780e98a3edf25505876
SHA256

9c113ec7caa9fabb41d04f0013e1ff0214bb5d3b06f4bfb3eea8dab01b1f74ee
SHA512

1d6cb4f548ad07cd05ae0aee6673042cca816f090bec08dfd95cd58e7204d515f82a05bbf81693c1ff06680d5437133c9d59d735f53e1d5c25fe1f7a1f214b97
SSDEEP

24576:kSMAyrJY6lcsYqMgA1PFCuEZyoX0ssz2Qq:kSMLJy

Score

1^/10

Malware Config

Signatures

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51D12DE6-B5D9-4EE0-9C23-9BCE0E7F6DC3}\Info	a981481a4a82bdeaa7039912cfec1c5b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	a981481a4a82bdeaa7039912cfec1c5b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	a981481a4a82bdeaa7039912cfec1c5b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51D12DE6-B5D9-4EE0-9C23-9BCE0E7F6DC3}	a981481a4a82bdeaa7039912cfec1c5b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51D12DE6-B5D9-4EE0-9C23-9BCE0E7F6DC3}\Info\Data = 0039003000350032003900330032002d0032003800300033003900310037003500370039002d0031003000300030005f0043004c004100530053004500e024000000002c00583e3100f83b0000ff07000000002c004800fc017f0700004800fc01f0352c00000a0000fcf81800a88bbe7700002c00583e31000000000000002c0000000000583e3100000000008c0a008644004300d03e31004800fc01500c3100003b000000002c0000000000583e3100f4f918009e38be7738012c007a38be770bcea5780000000000002c00603e31004500300045003700460036004400430033007d005c0049006e0066006f00f188a8006e0100002c0050012c0000000000300000000000000000000000e0fa180054fa1800340000c0a0f918001f62be77030000005fcea578340000c054fa0000e0fa180078f9180024fa180014fa1800cd1ec27757f9000ffeffffff2462be779622d67600000000c74816644cc154000000000000000000200000002cfa18009a0a00000000000018fa000132e7bd77603e31006200010114f918004cc154007cfa1800cd1ec277bfff000f00000000000000000000000018fa1800f87dbe7700000000000000000000000080133100e000e376060000000d097975000000000000000000000000acfa180000000000acfa1800b74bd67600000000bf4bd6764f4816642ce449004cf7540000c0540000000000000000000000000000000000791179750d097975801331000000000000000000c8fa1800000000000000000050235500000000004cf754000600000044fa1800f0fa1800f0fa18002341e0762bf9d812feffffffbf4bd676e304342e303000002ce44900db4effff0000000000000000f07843000000000000000000c026540024000000	a981481a4a82bdeaa7039912cfec1c5b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51D12DE6-B5D9-4EE0-9C23-9BCE0E7F6DC3}\Info\Data = 0002000000c02654009e753c771a0000007036310000000000d0f02f0010732c0030742c0028b83000d8772c0050354a00e8fa18003000000078fd1800cd1ec277b7e5000ffeffffff6ce3bd77d2e0bd77ffffff7f44fc18000d0000000c31420080000000000000000000000088fb18000001000000014000000000007cfb18000000000000fc1800cd1ec27737f9000f0000000000002c0028b8300001000000000040000000ffff1500000044fc1800e84044648cfc180068b030000100000020b8300000fc18000300bd77dc01070044fc18000004004020b830008cfc18000afd3b7700002c000000000028b830000c3142008000000072130000f00a5400d1974200d9974200940f1c00100b5400bbdc450060fc1800d2dc4500dadc4500180000001a00000028b830000000000044fc180001000000ac4a540078fc18004e3042003313000001000000000000000000000001000080cc314200000000000000000000040000c8fc180061d23b7780000080daf8bc777c0d3c77acfc1800180000000000000000000000000000000000000000000000000000000000000010fd18001a01bc77dcfc18000000000078fd18008000bc77120f1c0000000000c8813b7726833b77dc010700fcffffff120f1c0001000000d4265400dc010700a0c05400cc3142000000000028fd180025613c77dc010700fcffffff120f1c00fcfe54008c27540040c154000c564a0098080000141000006e274000d0fd1800972740009e274000d4265400b4275400b42754008c27540000000000acfd1800b32a4000d426540005464000a8fd18004823480050234800d0fd18008904342e3030490000c05400db4effff0000000054d549002400000000000000000000000000000000000000	a981481a4a82bdeaa7039912cfec1c5b.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2196	a981481a4a82bdeaa7039912cfec1c5b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2196	a981481a4a82bdeaa7039912cfec1c5b.exe

C:\Users\Admin\AppData\Local\Temp\a981481a4a82bdeaa7039912cfec1c5b.exe
"C:\Users\Admin\AppData\Local\Temp\a981481a4a82bdeaa7039912cfec1c5b.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tr3.ini

Filesize
6KB

MD5
bd06f96950717a91b6c0eb0ba10ec1ce

SHA1
d16ae13f51200068f57d4a829881ce9222c1e2db

SHA256
8cac35da75606d2bde6286f1f4a598ec017b27e25e3c7c233e2ebab8fc89a28f

SHA512
4751fb9c3a362e54b4682126de0183454dad3b07bb590502f0ee444db2aa49112778f5bc02fe36a3c5e5dd21b61788063af61fedfcfe954ca434670c1f50fc36

Download Submit
memory/2196-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2196-363-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2196-365-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads