Analysis

max time kernel: 145s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-03-2024 21:29

Static task: static1

Behavioral task: behavioral1
  Sample: c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
  Resource: win10v2004-20240226-en
General

Target: c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
Size: 1.4MB
MD5: 2d8802321fc9aacd12f0237cd9fdb323
SHA1: bba615a780b125006480357931c1e3d6e28fdf38
SHA256: c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4
SHA512: 4d43b957be4bac0eae15d6ed2ca795a108b7be4ce6b4b9f5f0864856f147b739db26f1ee38e2921810638acb1c5bbebf664dd1dad26a937d914476b79069c6d6
SSDEEP: 24576:UkSgwHdzCwss1lzFXE6GLbGmcAbsG8LlndZyyTwL:UkSgw1UvbGm7cldZXTW
Malware Config

Signatures

Modifies registry class (12 IoCs)

description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\TubeMateSoftware.TubeMatePlayer.playlist\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe,1" | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\TubeMateSoftware.TubeMatePlayer.playlist\shell | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\TubeMateSoftware.TubeMatePlayer.playlist\shell\open | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\WOW6432Node\CLSID\{7F52DDB8-B6BC-4100-B621-126D1971E9EE} | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\WOW6432Node\CLSID\{7F52DDB8-B6BC-4100-B621-126D1971E9EE}\ = 9d89bbb29cbf91ad9db08daa9db095afce86ccb29d8699b299af94cace86cbca9996becc9996cfcc9996d09f9d9598cb9d86becf99bf91b3ce86cbca9dcc90cc9dbfccaa9d86cc9f9c968ccf9b968ccc9cbf91ae9c89bbd1ce86a79f9d96c8b29bcd88cf9dbfc89f | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\TubeMateSoftware.TubeMatePlayer.playlist | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\TubeMateSoftware.TubeMatePlayer.playlist\ = "Playlist" | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\TubeMateSoftware.TubeMatePlayer.playlist\DefaultIcon | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\.playlist\ = "TubeMateSoftware.TubeMatePlayer.playlist" | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\TubeMateSoftware.TubeMatePlayer.playlist\shell\open\command | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\TubeMateSoftware.TubeMatePlayer.playlist\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe\" \"%1\"" | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\.playlist | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe

Suspicious use of SetWindowsHookEx (4 IoCs)

pid | Process
444 | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
444 | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
444 | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe
444 | c385d8358a34ada78b3b885b611bf4e843291c22f7f42371c29fa431bb0e58e4.exe