c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
Size

1.4MB
MD5

19c0da525784077bbaaa2cb66b49ecf5
SHA1

945ce7aec1ddfef0c237a675180ebe8b18472398
SHA256

c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b
SHA512

2c207b5955ae31e7479ced9a9e553bd06c87318fdf896001f18e77d8c663cc1f26580de37de990c8c505308c86309b67f0fe69d7ecd8022e600dcd5eb83cf2f7
SSDEEP

24576:tvSnvIchq6I37h1lzFHE6l0d22QzfDKk0NKT9enz:tvSnfWk5dC/KkeKT2

Score

1^/10

Malware Config

Signatures

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Vitato.EasyVideoPlayer.playlist\DefaultIcon	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Vitato.EasyVideoPlayer.playlist\shell	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Vitato.EasyVideoPlayer.playlist\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe\" \"%1\""	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\.playlist	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\WOW6432Node\CLSID\{390F61DD-3F21-4e53-B2E7-509B2AADD258}\ = 9d89bbb29c86d0aa9db0ccb09ccdbeccce86ccb29d8699b299af94cace86cbca9996becb9d8689ae9db0d09f9d9598cb9d86becf9b96bfabce86cbca9dcc90cc9986d0ae9ccdcc9f9c968ccf9b968ccc9cbf99ae9db3bbd1ce86a79f9d96cbcb9d95c8b39bcc9d9f	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\.playlist\ = "Vitato.EasyVideoPlayer.playlist"	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\WOW6432Node\CLSID\{390F61DD-3F21-4e53-B2E7-509B2AADD258}	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Vitato.EasyVideoPlayer.playlist	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Vitato.EasyVideoPlayer.playlist\ = "Playlist"	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Vitato.EasyVideoPlayer.playlist\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe,1"	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Vitato.EasyVideoPlayer.playlist\shell\open\command	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Vitato.EasyVideoPlayer.playlist\shell\open	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4772	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
4772	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
4772	c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe

C:\Users\Admin\AppData\Local\Temp\c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe
"C:\Users\Admin\AppData\Local\Temp\c43bdcfeb5b04a4e9535a8811e5f41bc192b75252cfd42d89daaa0584fc2fa9b.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4772

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads