5a35306cfdb2ee0e25e63b97ff2a4e4ee492fe84b9385ef6a936d1b833405259

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 14:25

Target

bb7d89b8e5a56913c5aad1d3c8123a3d.exe
Size

70KB
MD5

bb7d89b8e5a56913c5aad1d3c8123a3d
SHA1

e875363d5727077506e6ca2d131b23622f5ca949
SHA256

5a35306cfdb2ee0e25e63b97ff2a4e4ee492fe84b9385ef6a936d1b833405259
SHA512

e538d8d335047664d5372fcf66c08a1f0b2fea0f01638884620c337d8c34b43bbbcc9b71a47bcfd425a875b35189bc623a04df48605be77bf85aad197460c646
SSDEEP

1536:kOAhZs+Ny7Fa4cmWaNI2Xs19AoY4tVsLMg9Xrz0IZ8Jrg3NUTBPhK:kOYGUNGQ9AoYVMg9X30rrgqVhK

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
1520	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
1520	bb7d89b8e5a56913c5aad1d3c8123a3d.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Help\BE924C2C.EXE	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
File opened for modification	C:\Windows\Help\BE924C2C.EXE	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
File created	C:\Windows\Help\BE924C2C.DLL	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
File opened for modification	C:\Windows\Help\BE924C2C.DLL	bb7d89b8e5a56913c5aad1d3c8123a3d.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{975C92BE-0CF9-4D23-BFE4-0E58073CDC0C}	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{975C92BE-0CF9-4D23-BFE4-0E58073CDC0C}\ = "SSURL"	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{975C92BE-0CF9-4D23-BFE4-0E58073CDC0C}\InProcServer32	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{975C92BE-0CF9-4D23-BFE4-0E58073CDC0C}\InProcServer32\ = "C:\\Windows\\Help\\BE924C2C.DLL"	bb7d89b8e5a56913c5aad1d3c8123a3d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{975C92BE-0CF9-4D23-BFE4-0E58073CDC0C}\InProcServer32\ThreadingModel = "Apartment"	bb7d89b8e5a56913c5aad1d3c8123a3d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1520	bb7d89b8e5a56913c5aad1d3c8123a3d.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3244 --field-trial-handle=3488,i,1267426273081718772,6254127258555406296,262144 --variations-seed-version /prefetch:8
1⤵
PID:5096

C:\Windows\Help\BE924C2C.DLL

Filesize
56KB

MD5
7faa2402b61cbb3d9b83f32de349a249

SHA1
1b0dd5c5588b6c8e360ff8d1431843425f3e5618

SHA256
d387151ba08c94d54c4b2cc652bba029b92a05ff5fd1eb06e614073a12948f72

SHA512
7887398f8f5e650ea8cee7ce1d175002065ab035c113da3e3d637e184e560353ec9c0f7a9741349d97bda3d080f03e238d09ecf444816fd15c875f1dfc392e1c

Download Submit
memory/1520-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1520-1-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1520-2-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/1520-11-0x0000000002180000-0x00000000021AC000-memory.dmp

Filesize
176KB

Download
memory/1520-13-0x0000000002180000-0x00000000021AC000-memory.dmp

Filesize
176KB

Download
memory/1520-14-0x0000000002180000-0x00000000021AC000-memory.dmp

Filesize
176KB

Download
memory/1520-15-0x0000000000500000-0x0000000000502000-memory.dmp

Filesize
8KB

Download
memory/1520-17-0x0000000002180000-0x00000000021AC000-memory.dmp

Filesize
176KB

Download
memory/1520-16-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1520-18-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/1520-44-0x0000000002180000-0x00000000021AC000-memory.dmp

Filesize
176KB

Download