5a35306cfdb2ee0e25e63b97ff2a4e4ee492fe84b9385ef6a936d1b833405259

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 14:25

Target

bb7d89b8e5a56913c5aad1d3c8123a3d.exe
Size

70KB
MD5

bb7d89b8e5a56913c5aad1d3c8123a3d
SHA1

e875363d5727077506e6ca2d131b23622f5ca949
SHA256

5a35306cfdb2ee0e25e63b97ff2a4e4ee492fe84b9385ef6a936d1b833405259
SHA512

e538d8d335047664d5372fcf66c08a1f0b2fea0f01638884620c337d8c34b43bbbcc9b71a47bcfd425a875b35189bc623a04df48605be77bf85aad197460c646
SSDEEP

1536:kOAhZs+Ny7Fa4cmWaNI2Xs19AoY4tVsLMg9Xrz0IZ8Jrg3NUTBPhK:kOYGUNGQ9AoYVMg9X30rrgqVhK

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2204	bb7d89b8e5a56913c5aad1d3c8123a3d.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Help\BE924C2C.EXE	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
File opened for modification	C:\Windows\Help\BE924C2C.EXE	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
File created	C:\Windows\Help\BE924C2C.DLL	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
File opened for modification	C:\Windows\Help\BE924C2C.DLL	bb7d89b8e5a56913c5aad1d3c8123a3d.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{975C92BE-0CF9-4D23-BFE4-0E58073CDC0C}	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{975C92BE-0CF9-4D23-BFE4-0E58073CDC0C}\ = "SSURL"	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{975C92BE-0CF9-4D23-BFE4-0E58073CDC0C}\InProcServer32	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{975C92BE-0CF9-4D23-BFE4-0E58073CDC0C}\InProcServer32\ = "C:\\Windows\\Help\\BE924C2C.DLL"	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{975C92BE-0CF9-4D23-BFE4-0E58073CDC0C}\InProcServer32\ThreadingModel = "Apartment"	bb7d89b8e5a56913c5aad1d3c8123a3d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2204	bb7d89b8e5a56913c5aad1d3c8123a3d.exe

\Windows\Help\BE924C2C.DLL

Filesize
56KB

MD5
7faa2402b61cbb3d9b83f32de349a249

SHA1
1b0dd5c5588b6c8e360ff8d1431843425f3e5618

SHA256
d387151ba08c94d54c4b2cc652bba029b92a05ff5fd1eb06e614073a12948f72

SHA512
7887398f8f5e650ea8cee7ce1d175002065ab035c113da3e3d637e184e560353ec9c0f7a9741349d97bda3d080f03e238d09ecf444816fd15c875f1dfc392e1c

Download Submit
memory/2204-1-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2204-10-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download
memory/2204-9-0x00000000003C0000-0x00000000003EC000-memory.dmp

Filesize
176KB

Download
memory/2204-6-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2204-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2204-12-0x00000000003C0000-0x00000000003EC000-memory.dmp

Filesize
176KB

Download
memory/2204-11-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download