Analysis Overview
SHA256
156ec408f979003db41868b217c48ab2122921421576f526e0d770832630997d
Threat Level: Shows suspicious behavior
Verdict for file dc90bb98d1bbd5ed624073261c00f74e: Shows suspicious behavior.
Malicious Activity Summary
ACProtect 1.3x - 1.4x DLL software
Loads dropped DLL
UPX packed file
Installs/modifies Browser Helper Object
Drops file in Program Files directory
Unsigned PE
Modifies registry class
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-21 20:38
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-21 20:38
Reported
2024-03-21 20:41
Platform
win10v2004-20240226-en
Max time kernel
147s
Max time network
152s
Command Line
Signatures
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635} | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\ = "Flash module" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files (x86)\Adobe\Flash\flash32.dll | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}\1.0\ = "Flash Library" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\InprocServer32\ = "C:\\Program Files (x86)\\Adobe\\Flash\\flash32.dll" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\Programmable | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\TypeLib | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\TypeLib\ = "{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash\CurVer\ = "Flash.Flash.1" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\ProgID | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\VersionIndependentProgID\ = "Flash.Flash" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\Install = "OK" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash.1 | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash.1\ = "Flash Class" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash.1\CLSID\ = "{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash\CLSID | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash.1\CLSID | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash\ = "Flash Class" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash\CLSID\ = "{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash\CurVer | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}\1.0 | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}\1.0\0 | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}\1.0\0\win32\ = "C:\\Program Files (x86)\\Adobe\\Flash\\flash32.dll" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635} | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\ProgID\ = "Flash.Flash.1" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3} | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\ = "Flash Class" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe
"C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 22.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
Files
C:\Program Files (x86)\Adobe\Flash\flash32.dll
| Hash | Value |
| --- | --- |
| MD5 | f4ba7968655ed7a8017bcf09c4e7478f |
| SHA1 | 7d46c4f77810be8462df7bd3dc4155b2dd83d21c |
| SHA256 | 3d3c9c1ad10aa3a70af77a8d89995925121322ae7494ddc52a7f79188b4d53fb |
| SHA512 | 069ba41b7526e0e6b483917d4e3c0fdf7f0e2bb9fde88b859959ba69fe8af04db34f3c9d5bcebcfacbbcba98a019b8d2fa01a45dd8020e90a7946f6acef972d6 |
memory/5100-3-0x0000000010000000-0x000000001002F000-memory.dmp
memory/5100-21596-0x0000000010000000-0x000000001002F000-memory.dmp
memory/5100-39241-0x0000000010000000-0x000000001002F000-memory.dmp
memory/5100-56850-0x0000000010000000-0x000000001002F000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-21 20:38
Reported
2024-03-21 20:41
Platform
win7-20240221-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635} | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\ = "Flash module" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files (x86)\Adobe\Flash\flash32.dll | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash\CurVer | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\Install = "OK" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\ProgID | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash\CLSID | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash\CLSID\ = "{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\TypeLib\ = "{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}\1.0\ = "Flash Library" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3} | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\InprocServer32\ = "C:\\Program Files (x86)\\Adobe\\Flash\\flash32.dll" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash\ = "Flash Class" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash.1 | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash.1\CLSID | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\VersionIndependentProgID\ = "Flash.Flash" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\TypeLib | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}\1.0\0\win32\ = "C:\\Program Files (x86)\\Adobe\\Flash\\flash32.dll" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\ProgID\ = "Flash.Flash.1" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash.1\ = "Flash Class" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}\1.0 | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash.1\CLSID\ = "{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635} | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\ = "Flash Class" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\Programmable | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Flash.Flash\CurVer\ = "Flash.Flash.1" | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}\1.0\0 | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe
"C:\Users\Admin\AppData\Local\Temp\dc90bb98d1bbd5ed624073261c00f74e.exe"
Network
Files
\Program Files (x86)\Adobe\Flash\flash32.dll
| Hash | Value |
| --- | --- |
| MD5 | f4ba7968655ed7a8017bcf09c4e7478f |
| SHA1 | 7d46c4f77810be8462df7bd3dc4155b2dd83d21c |
| SHA256 | 3d3c9c1ad10aa3a70af77a8d89995925121322ae7494ddc52a7f79188b4d53fb |
| SHA512 | 069ba41b7526e0e6b483917d4e3c0fdf7f0e2bb9fde88b859959ba69fe8af04db34f3c9d5bcebcfacbbcba98a019b8d2fa01a45dd8020e90a7946f6acef972d6 |
memory/2004-3-0x0000000010000000-0x000000001002F000-memory.dmp
memory/2004-17375-0x0000000010000000-0x000000001002F000-memory.dmp