33dcedef5afeaffca1a2113774842ea37f53f4b3c5d292cc574fbf8272b86369

Analysis

max time kernel
147s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2024 19:08

Target

c423141fb42695ca0490bc9da2199288.exe
Size

73KB
MD5

c423141fb42695ca0490bc9da2199288
SHA1

c5e68a38e9c6d548b76c2888ea29102202a7fbd2
SHA256

33dcedef5afeaffca1a2113774842ea37f53f4b3c5d292cc574fbf8272b86369
SHA512

530fdb90d238811752d3406bd9693e0f703fed70ba59d887a385dae493c0b3875498317a5e989e7aa133fe02cb2a2068ea0a3b952840a10b9c9606716a3a3f3b
SSDEEP

1536:Z45NKceou5seh8tgN3y6/N5pcVtefGonKOshCi3a:ZiK1ou5XhlC617cDzoGhL3

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
4768	c423141fb42695ca0490bc9da2199288.exe
4768	c423141fb42695ca0490bc9da2199288.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Debug\B831406A9770.dll	c423141fb42695ca0490bc9da2199288.exe
File opened for modification	C:\Windows\Debug\B831406A9770.dll	c423141fb42695ca0490bc9da2199288.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}	c423141fb42695ca0490bc9da2199288.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\ = "fsvdf"	c423141fb42695ca0490bc9da2199288.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32	c423141fb42695ca0490bc9da2199288.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ = "C:\\Windows\\Debug\\B831406A9770.dll"	c423141fb42695ca0490bc9da2199288.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ThrEaDiNgModEL = "aPaRTmEnT"	c423141fb42695ca0490bc9da2199288.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4768	c423141fb42695ca0490bc9da2199288.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 1576	4768	c423141fb42695ca0490bc9da2199288.exe	87
PID 4768 wrote to memory of 1576	4768	c423141fb42695ca0490bc9da2199288.exe	87
PID 4768 wrote to memory of 1576	4768	c423141fb42695ca0490bc9da2199288.exe	87
PID 4768 wrote to memory of 1964	4768	c423141fb42695ca0490bc9da2199288.exe	100
PID 4768 wrote to memory of 1964	4768	c423141fb42695ca0490bc9da2199288.exe	100
PID 4768 wrote to memory of 1964	4768	c423141fb42695ca0490bc9da2199288.exe	100

C:\Users\Admin\AppData\Local\Temp\c423141fb42695ca0490bc9da2199288.exe
"C:\Users\Admin\AppData\Local\Temp\c423141fb42695ca0490bc9da2199288.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 2.bat
  2⤵
  PID:1576
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 2.bat
  2⤵
  PID:1964

C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
42B

MD5
f1914a6257e077626c59e07a8ce85f0d

SHA1
a030ae8b9cc0d743f903e2efee62a87b4cc49f07

SHA256
b1c3418e1316af7f986f2fa1ef30e4c0d1a6c37ba349b88bcecca2d33ad96137

SHA512
7dd041c71b41453d0687ee8734d97e42b1ad8b64bfa0c025d837bd2384df4fd4fbbf3fbe1c6e0b5800e4fa2749d171544abd92a17f2bfba66d9ba744e508ec6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
53B

MD5
2b1d12825d2a343f92c82062239a7c91

SHA1
fe7bfa43236af047980d708f8d010102e51f6dab

SHA256
b72bc9d4c525dc469239d4ed8f1b4c63307295cc4c65b5ef677e5517d40216ce

SHA512
2c979dfa18850e313690133a8007ed854f685a1196a1449056ea81cc348b357562f963709ad6de6c4df76f2fb7ff1b36e6e5ef0c226b2299dd84e03f32149c7e

Download Submit
C:\Windows\debug\B831406A9770.dll

Filesize
154KB

MD5
833dd68c763f5f851f78f34a7f3733ab

SHA1
c6b3f7404e3845985046416cedd2498af08dd234

SHA256
fd5181faaec66cbc7f11fb808220d626ee369c0aef7ff6a0ed9ee8aac6c02387

SHA512
8ef2071db75455e6898cf6b170b5797c9aa0358f4232c4f7dec7449802eb60832c79154a26ca21574916925ceb9ed043af54bf1c1f0fa20b7da352aacae357cb

Download Submit
memory/4768-0-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4768-11-0x0000000002290000-0x00000000022BB000-memory.dmp

Filesize
172KB

Download
memory/4768-15-0x0000000002290000-0x00000000022BB000-memory.dmp

Filesize
172KB

Download
memory/4768-16-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download