7e011570d601779068b38bdbba1fd980bae9194443fc945bf0a0ee0913162b0a

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 14:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Size

3.1MB
MD5

cba8b55b39e5d7488b3aa8cfd0a1f365
SHA1

ff00b33c5407b5c1c423827fdedef639e2a6a40e
SHA256

7e011570d601779068b38bdbba1fd980bae9194443fc945bf0a0ee0913162b0a
SHA512

f5f22bbc2268f980aa20f4736707a4865e8c09e17f4f2146fdce61b6b20fd57978418cc0ad6a74af04cb302cb4a756f3dcfb86790fd094d5aabda933899c7355
SSDEEP

49152:KfgdgSf1EhsjEG+qAwcPfdKz2GeY08VahmvcG4Kw8xL1VYEc53tTEn/buP3tc:ggdnEhs5AwcO508X4EhYdmuS

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 16 IoCs

pid	Process
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\VB5DB.DLL	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\msrepl35.dll	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\odbcji32.dll	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\actskin4.ocx	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\MSVBVM60.DLL	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\VB5DB.DLL	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\MSRD2X35.DLL	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\MSCOMCTL.OCX	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\vbajet32.dll	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\MSRD2X35.DLL	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\threed32.ocx	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\TABCTL32.OCX	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\DAO350.DLL	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\MSCOMM32.OCX	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\threed32.ocx	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\msjet35.dll	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\msjint35.dll	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\vbajet32.dll	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\DAO350.DLL	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\ODBCTL32.DLL	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\odbcji32.dll	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\MSJTER35.DLL	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\msjet35.dll	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\msjint35.dll	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\msrepl35.dll	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\MSJTER35.DLL	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\odbcjt32.dll	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\actskin4.ocx	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\TABCTL32.OCX	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File created	C:\Windows\SysWOW64\MSCOMM32.OCX	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\MSVBVM60.DLL	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\odbcjt32.dll	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
File opened for modification	C:\Windows\SysWOW64\ODBCTL32.DLL	cba8b55b39e5d7488b3aa8cfd0a1f365.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000016-0000-0010-8000-00AA006D2EA4}	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBC73C94-337C-43CC-B52C-31EB9FA34013}\ = "SkinFreeForm Object"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731}\ = "EventParameter"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000019-0000-0010-8000-00AA006D2EA4}\InprocServer32\ = "C:\\Windows\\SysWow64\\DAO350.DLL"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BA686AA-F7D3-101A-993E-0000C0EF6F5E}\Version\ = "1.0"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4C466B8-499F-101B-BB78-00AA00383CBB}\TypeLib\Version = "6.0"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BA686AF-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSOption\ = "Threed Option Button Control"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E90-DF38-11CF-8E74-00A0C90F26F8}\ = "IMSComm"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0BA686BB-F7D3-101A-993E-0000C0EF6F5E}\ = "ISSPNCtrlEvents"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BA686AE-F7D3-101A-993E-0000C0EF6F5E}	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BA686C3-F7D3-101A-993E-0000C0EF6F5E}\Control	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BA686C2-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32\ = "C:\\Windows\\SysWow64\\threed32.ocx"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0944D16C-D0F4-4389-982A-A085595A9EB3}\Control	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDC217C7-ED16-11CD-956C-0000C04E4C0A}\TypeLib\Version = "1.1"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DAO.PrivateDBEngine.35	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BA686BA-F7D3-101A-993E-0000C0EF6F5E}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5704C37-40DA-49EF-904B-97E5F5F9B1C5}\InprocServer32\ = "C:\\Windows\\SysWow64\\actskin4.ocx"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5954EA75-9BFA-461A-BD34-CEA3A861FF19}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\actskin4.ocx, 119"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3FC950C-7583-4377-BAD8-EFBEAA33273C}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0324960-2AAA-11CF-AD67-00AA00614F3E}	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0324960-2AAA-11CF-AD67-00AA00614F3E}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{648A5604-2C6E-101B-82B6-000000000014}\ = "MSComm General Property Page Object"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0BA686C6-F7D3-101A-993E-0000C0EF6F5E}	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSRibbon\ = "Threed Group Push Button Control"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000017-0000-0010-8000-00AA006D2EA4}\InprocServer32	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0944D16C-D0F4-4389-982A-A085595A9EB3}\ProgID\ = "ActiveSkin4.Skin.1"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC22770D-3343-4C56-8A8D-3E560475F655}\InprocServer32\ = "C:\\Windows\\SysWow64\\actskin4.ocx"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5954EA75-9BFA-461A-BD34-CEA3A861FF19}\MiscStatus\ = "0"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\ = "DataObjectFiles"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE8F9800-2AAA-11CF-AD67-00AA00614F3E}\ = "ParentControls"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\VersionIndependentProgID\ = "MSCOMMLib.MSComm"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F1-7697-11D1-A1E9-00A0C90F2731}\TypeLib\Version = "6.0"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C3-4442-11D1-8906-00A0C9110049}\TypeLib	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{737361EC-467F-11D1-810F-0000F87557AA}\TypeLib	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C2-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8284B8A2-A8A8-11D1-A3D2-00A0C90AEA82}\ = "LicenseInfo"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BA686B8-F7D3-101A-993E-0000C0EF6F5E}\ = "Threed Command Button Property Page"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3FC950C-7583-4377-BAD8-EFBEAA33273C}\TypeLib	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2CE46480-1A08-11CF-AD63-00AA00614F3E}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BA686C7-F7D3-101A-993E-0000C0EF6F5E}\ = "Threed Group Push Button Property Page"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.1"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C4-4442-11D1-8906-00A0C9110049}	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C4-4442-11D1-8906-00A0C9110049}\TypeLib	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0BA686AC-F7D3-101A-993E-0000C0EF6F5E}\ProxyStubClsid32	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0944D16C-D0F4-4389-982A-A085595A9EB3}\MiscStatus\ = "0"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0944D16C-D0F4-4389-982A-A085595A9EB3}\verb\1	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0BA686AC-F7D3-101A-993E-0000C0EF6F5E}\TypeLib	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0BA686C4-F7D3-101A-993E-0000C0EF6F5E}\TypeLib\ = "{0BA686C6-F7D3-101A-993E-0000C0EF6F5E}"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{90F3D7B3-92E7-44BA-B444-6A8E2A3BC375}	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4921908C-7090-4D37-A6B3-FC447F08378A}	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\ProgID\ = "TabDlg.SSTab.1"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0BA686C6-F7D3-101A-993E-0000C0EF6F5E}\1.0\0\win32	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0BA686AC-F7D3-101A-993E-0000C0EF6F5E}\ = "ISSCBCtrlEvents"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BA686C5-F7D3-101A-993E-0000C0EF6F5E}	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A4FCCB0-DFF1-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DAO.TableDef.35	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\TypeLib	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BA686C3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32\ = "C:\\Windows\\SysWow64\\threed32.ocx"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5954EA75-9BFA-461A-BD34-CEA3A861FF19}\Version	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32\ThreadingModel = "Apartment"	cba8b55b39e5d7488b3aa8cfd0a1f365.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe
1404	cba8b55b39e5d7488b3aa8cfd0a1f365.exe

C:\Users\Admin\AppData\Local\Temp\cba8b55b39e5d7488b3aa8cfd0a1f365.exe
"C:\Users\Admin\AppData\Local\Temp\cba8b55b39e5d7488b3aa8cfd0a1f365.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\DAO350.DLL

Filesize
556KB

MD5
8888bdbd4e118d915d40a11748282bca

SHA1
4e8822d2242d175cc3d708843e2cd71b7ee7033d

SHA256
a4b20735be317a924d2e36707baaf911fbae890ca53c5044fb506f15d33bcb6d

SHA512
a96f5e72905571de84f515dd8a19c87d5143ead532bf01f0132da8262974bfaf910f24b466d49cd4ee83845fc65f02c273a550786854aec3e0f4fa713929b562

Download Submit
\Windows\SysWOW64\MSCOMM32.OCX

Filesize
101KB

MD5
2c6119da3993f410e74b15112f840cb0

SHA1
9d7aaffc0bcf955cc75d4ecc228b1ceda8a1856c

SHA256
51a1d6812e445c26c71465e2709e6d1ad587f8513002d662cd160f424f48b37c

SHA512
053ece4eb2ddba51c0d683a7afd439ed88605ab83619de738f7ad2495bfe9e9f16fc3b829c7fc9c779b50f039b9fad66d16aed520a5adfd1522a711073f78208

Download Submit
\Windows\SysWOW64\MSJTER35.DLL

Filesize
24KB

MD5
72f160302ee06a2cb12fa2ffa10ba3f0

SHA1
099e3c78f511665ca9e9db3acca5dc244bcb744f

SHA256
3430b3680415b494ba7eb41f7bc83933da68d364a94287b9c07384b2fe3dcb54

SHA512
5f794b9a48c82764b9790fd084933030cd5a34eaa6bff5a99d74f625015fa50f4918e3f80625537023ec253b7de390afda224a76622e0c41c371d45f744656b1

Download Submit
\Windows\SysWOW64\MSRD2X35.DLL

Filesize
246KB

MD5
954ceb4d7c7dc5e94ea237cf96d387a3

SHA1
6dfba7f606d75782bff9694c3b098ffb6d6da1ac

SHA256
66c74e4c9dbd1d33b22f63cd0318b72dea88f9dbb4d36a3383d3da20b037d42e

SHA512
f1d2913fb16c6f78bcc8e75ae17e08bf6d7b13cee0a1deab07372f97fce8d1a8347bb1bd289bbfc874eeb156eb9a4af10d4ca5aeb83a5057bd1caf765be93b58

Download Submit
\Windows\SysWOW64\ODBCTL32.DLL

Filesize
71KB

MD5
e5aef09ac350b41fc101c4fafcf788f8

SHA1
cfe051bcb50835f6b16b6e45b271dae443494601

SHA256
10dc690cdd8887a5b052dbfe10c5bba0750465a541a412d516aa0261b0c7de5a

SHA512
db800e170a915e252bf50c12bd7dc1fd21773607c5c8db76da8272b654c7825b056aa5212b4228d54f924cd20c7be64dec17b0790b01921db6fbcf6db33db3cc

Download Submit
\Windows\SysWOW64\TABCTL32.OCX

Filesize
204KB

MD5
2bae02cd88d9ef0c03bdab250904f802

SHA1
ff421bffb17f2dafdf028a198ed6e540e0c8dce9

SHA256
76f99cb0983a76385e55dca92577bb53de488aafdf0d6ffcbe03ec5fa85d15c5

SHA512
faed7f90b18bdacc68e44a145e81be967cac163d44cbfef6ec32d36b53c7ae57d3b8e7a5526c0d6f97226c19432c70c390068d505ed69c6f4ceaa9e63dda745e

Download Submit
\Windows\SysWOW64\VB5DB.DLL

Filesize
87KB

MD5
4c6f2d2ce86330335801f2982b26223e

SHA1
1c23bc50bc023d4fdcae6c8bce1bbeaaa4964061

SHA256
d7cf39e673a87fac5d5abaf81c572d422675b9f0fbe18d4eb4e7c20f3d3038cd

SHA512
603816af478bac34a0ab25ed67e2018d729d0fd0f48b3af2b1719e7f9251e613183417b93386932fa7337718b8d24d5bc005d65a9a2b9dc83dfdb2ccaad1b1ac

Download Submit
\Windows\SysWOW64\actskin4.ocx

Filesize
372KB

MD5
45495198498bfa74417318d7a9455993

SHA1
9b4ef93583a41a2ef504355f9294ed0c1192b645

SHA256
d351761f037834f4aba3130e043cb05636473b8603accb3d786d4d21c961565d

SHA512
694ddea762dadbc924f58acb1ccf59bd8233a947ded6b337cb1408e40796f6eeb3938c6274d3e2f1f698398d79c893b5c0bc18b173aff32533297e82f28893ed

Download Submit
\Windows\SysWOW64\msjet35.dll

Filesize
1.0MB

MD5
2bcb3e39703a69b0235ad937c0e4b1ac

SHA1
8a3a66c533f3e9361f698f280423dad4bfa7431b

SHA256
91dc7e10f4f97c0046b4b91b04b5195b95f3f0fd36260fa6433ef2ef623cb0dc

SHA512
500574ed6231d2354165052de53383190c7c187399991d3fb1ccb95709dc8cb795f4a9241d6da4f68f66ada5f1adc782786e6f2fd2a7a46252d0f9c599cefc03

Download Submit
\Windows\SysWOW64\msjint35.dll

Filesize
136KB

MD5
0b2fe7d80aa65475af3ecc9992a1d6f2

SHA1
0da878965cee2f38b25645e6b7c95553a9fa182c

SHA256
ddc3a3749258ae7e40c3ffc2289a52e85eb93bdf87b445db46e2a6ca5b437815

SHA512
09063dabd3824dfdf89cf6d2e47963bb234900403a1017ee0ad78821a568220798ad5c2a78bb638e840963957aae7b0a64cfbfdeca7a6a19cc424594f8cb6e14

Download Submit
\Windows\SysWOW64\msrepl35.dll

Filesize
405KB

MD5
87be086e054ccfdce2c7913d56cb4ca2

SHA1
d8f6b78c2c11bd023bd5a48238f1317a59c8be46

SHA256
0dd108a0ace7101e55e2991f37ebcefa1d0258763d121a04b5516f037c0de2c8

SHA512
7c6b92da42bdd081158509b5cd994347b7e5fb217686a23843b89de0b1b06c60db2883e0090c1ad9f09788561bcd4c72440894c83c8d290fcc6edc062f2216ac

Download Submit
\Windows\SysWOW64\threed32.ocx

Filesize
196KB

MD5
d331191fd8010de352e01f92908c0659

SHA1
69c2212c1439b44bec7e411b403983b2e10ebc82

SHA256
018f7482d71ac546edf2cd3a2a0d5aa5f1aaf4ebd4fd3da35f82372cea02cad1

SHA512
00f31f977168c64b88c63f9f55a94c52a1749bfe419026bee68423db1b3975bbb982db619fe099ae5a1a8cb48053f57717a80008b20c4e8d0ae96bc3ca268624

Download Submit
memory/1404-0-0x0000000000400000-0x00000000007CF000-memory.dmp

Filesize
3.8MB

Download
memory/1404-44-0x0000000000400000-0x00000000007CF000-memory.dmp

Filesize
3.8MB

Download
memory/1404-56-0x0000000000400000-0x00000000007CF000-memory.dmp

Filesize
3.8MB

Download
memory/1404-59-0x0000000000400000-0x00000000007CF000-memory.dmp

Filesize
3.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads