2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Size

1.7MB
MD5

404f475ae57eceac5d1ac3e39087c10e
SHA1

5043d25f2d3ba9f8219512a4bd2ceeb77d9d76ac
SHA256

2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35
SHA512

099a21880c4d90a6f98a4c52585a3597795c7e6799a9c1389263ab5db0a7110d06a4dabe0c18ccc60ed0b5e04f61b6bd4bba6e8ef671d22cd05718e5f1686c6a
SSDEEP

24576:VUUYwXSuV41sCpWG7YjT1lzFrE64KCoccQd4nYs045TD:VQMSuAFpWGsgUCplHbMT

Score

1^/10

Malware Config

Signatures

Modifies registry class 14 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Kotato.AllVideoPlayer.playlist\shell	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\.playlist	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\.playlist\ = "Kotato.AllVideoPlayer.playlist"	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Wow6432Node	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Kotato.AllVideoPlayer.playlist\ = "Playlist"	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Kotato.AllVideoPlayer.playlist\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe,1"	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Kotato.AllVideoPlayer.playlist\shell\open\command	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Kotato.AllVideoPlayer.playlist\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe\" \"%1\""	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Wow6432Node\CLSID\{758D2268-26E1-46eb-91EE-2968C83F08CF}\ = 9d89bbb29c86d0aa9db0ccb09ccdbeccce86ccb29d8699b299af94cace86cbca9996becc9986d0b09b969d9f9d9598cb9d86becf9b96bfabce86cbca9dcc90cc9db0bece98868d9f9c968ccf9b968ccc9cbf99ae9db3bbd1ce86a79f9d96cbcb9d95c8b39bcc9d9f	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Kotato.AllVideoPlayer.playlist	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Kotato.AllVideoPlayer.playlist\DefaultIcon	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Wow6432Node\CLSID\{758D2268-26E1-46eb-91EE-2968C83F08CF}	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Wow6432Node\CLSID	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Kotato.AllVideoPlayer.playlist\shell\open	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2632	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
2632	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
2632	2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe

C:\Users\Admin\AppData\Local\Temp\2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe
"C:\Users\Admin\AppData\Local\Temp\2802e656b0719d61fabdb8cd3f807a37774488eaec1b6b91a7edf0729ebb4f35.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2632

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads