40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
Size

1.4MB
MD5

672163254074610a7c84772931572a79
SHA1

ae210a4956cff2f620ffd4c51be1fdd0d1791a7d
SHA256

40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d
SHA512

837069935a973f259975fed68a3919e7f0095838a9275c36d214e056c0ffbd632e9e3c80099a45e55ff5e2bd052bfea677c6d0cb4a9afc8d4f1b921ec1fe724a
SSDEEP

24576:YL59Z0MsvTL1lzFB9E6rEHgJHqK28xGJCTp:YL59uBCvHCA8fT

Score

1^/10

Malware Config

Signatures

Modifies registry class 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\RobinSoftware.SimpleVideoPlayer.playlist\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe,1"	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\RobinSoftware.SimpleVideoPlayer.playlist\shell\open\command	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\RobinSoftware.SimpleVideoPlayer.playlist\shell\open	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.playlist	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\WOW6432Node\CLSID\{5D751337-E937-4512-A519-89BE55EBB79F}	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\WOW6432Node\CLSID\{5D751337-E937-4512-A519-89BE55EBB79F}\ = 9d89bbb29cbf91ad9db08daa9db095afce86ccb29d8699b299af94cace86cbca9996becb9d8695ae9dcc9d9f9d9598cb9d86becf99bf91b3ce86cbca9dcc90cc999599ae9986bf9f9c968ccf9b968ccc9cbf91ae9c89bbd1ce86a79f9d96c8b29bcd88cf9dbfc89f	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\RobinSoftware.SimpleVideoPlayer.playlist	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\RobinSoftware.SimpleVideoPlayer.playlist\ = "Playlist"	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\RobinSoftware.SimpleVideoPlayer.playlist\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe\" \"%1\""	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.playlist\ = "RobinSoftware.SimpleVideoPlayer.playlist"	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\RobinSoftware.SimpleVideoPlayer.playlist\DefaultIcon	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\RobinSoftware.SimpleVideoPlayer.playlist\shell	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4472	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
4472	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
4472	40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe

C:\Users\Admin\AppData\Local\Temp\40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe
"C:\Users\Admin\AppData\Local\Temp\40965846154b91a783f4e7bf8323921c8d97775e25c21361a6fce82f02e0542d.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4472

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads