Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
100383282038...bd.exe
windows7-x64
082060e332...76.exe
windows7-x64
101035f1b289...b8.exe
windows7-x64
624592b8814...b9.exe
windows7-x64
331459fd8f4...d2.exe
windows7-x64
103216f3b1bf...ae.exe
windows7-x64
43026556ea...97.exe
windows7-x64
14499426b05...8b.exe
windows7-x64
779271d57c5...61.exe
windows7-x64
7843cd39e4f...29.exe
windows7-x64
10847001fe67...7e.exe
windows7-x64
1902f0cb92e...ad.exe
windows7-x64
1994d023640...94.dll
windows7-x64
1a006d20ea6...6b.exe
windows7-x64
3aaf476e091...d5.exe
windows7-x64
8abb979296b...f1.dll
windows7-x64
7b630f84b45...86.exe
windows7-x64
1bd37f1c8f1...8e.exe
windows7-x64
1c086172b03...77.exe
windows7-x64
10c2a620243b...bb.exe
windows7-x64
1c3705bab83...3b.exe
windows7-x64
1c97d9bbc80...15.exe
windows7-x64
10cad20feffc...5d.exe
windows7-x64
5d01b92a1d7...c4.dll
windows7-x64
6d2a120aa4a...78.exe
windows7-x64
10d9f7e34bf8...f1.exe
windows7-x64
1da45ff208b...95.exe
windows7-x64
dd0d00fec6...c8.exe
windows7-x64
10e8ae1656c2...dc.exe
windows7-x64
5ed09a02045...0d.exe
windows7-x64
7f0c2927859...a6.exe
windows7-x64
9f3771ca98b...50.exe
windows7-x64
8Analysis
-
max time kernel
1557s -
max time network
1561s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
26/03/2024, 16:54
Behavioral task
behavioral1
Sample
0383282038e4b6b1daa69a9b71bfff42b8091a4004bbe780c98239ada99f77bd.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
082060e3320870d1d576083e0ee65c06a1104913ae866137f8ca45891c059a76.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral3
Sample
1035f1b289e6d88148431da56ed5fb3c3d251b51f38bfd498690537e57a3c8b8.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral4
Sample
24592b881440b004bfcc51692deef734babdfc0cd5719826bd05ae678584bfb9.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral5
Sample
31459fd8f4ca241e9f2eedcaddf848d8be9eaa76f05102b30872eedbe6c250d2.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral6
Sample
3216f3b1bf985c045c18f16e00abcec112149ce8ecad190c620500f5cefb59ae.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral7
Sample
43026556eaa76df4544dd37cc1f708eb3df18b7e33969042b343c2b8be4ff697.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
4499426b05f7f17b48d3aa805681c53aed09b5b48e25c9070c08dbfae464698b.exe
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral9
Sample
79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral10
Sample
843cd39e4f5024ef36fdc142bf2eb9d9dcc05f0b8f7f812d49ddac8a2bf83f29.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral11
Sample
847001fe67b260c91fdc360297f6758598c41eb78fc4aae6adc4a4e2dd813b7e.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
902f0cb92e46d9d3028a9e5b52975f66142648ac90007032aafa9b1e2b5263ad.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral13
Sample
994d02364001319f2a3fd9318a2f760c79d7dcfddb177940e22cb60765992094.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
a006d20ea64758a5219d6a8833a593d99b47c2301e17be2e07593c1565de086b.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral15
Sample
aaf476e09142ae0b67a0696e3c5d202cda7081c9365f352cfb82068a80e265d5.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
abb979296b15798893029044f06c97a2e98f4ec044c0c34ac27a0dd6bb0b0ff1.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral17
Sample
b630f84b4573831a769170ce7efe73a107b7cd457f499d29fbb622db5c717086.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral18
Sample
bd37f1c8f1a0b1333df616db123305e9c138eb3331c1fd66907d4e9df93a4a8e.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral19
Sample
c086172b03dbcdc6a782dfbbbf1b6b7f71551bc0d10e1044fcd3c7e880e83a77.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
c2a620243b8c161336d68aaccbb7972f083b3e8e30e0fcfaaf9413e46bcbf1bb.exe
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral21
Sample
c3705bab837f5e68ab54a026bf6d23b454f9e6273c919f4d9c43db7c9c37a43b.exe
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral22
Sample
c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral23
Sample
cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral24
Sample
d01b92a1d7e00f34549ee537989890699c7ac34c929ea381a4289e49e2d0e4c4.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral25
Sample
d2a120aa4a8aeb87408828d4e7e0da615cb83e32ca5fccc79eee70bca3ea4d78.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral26
Sample
d9f7e34bf8a82e137d47849c6397b51a5c127af99c4a843f8f8223687a05daf1.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral27
Sample
da45ff208be5e193a3da424f6025a3b257dff0c67fab84bd6a9028862fd5cb95.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
dd0d00fec6564d52ad291e8f8a99e981a31ba5fbb623076e8e2864f4591e9bc8.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral29
Sample
e8ae1656c225e8de8e57983db87738630d70036aae6cf1c2b486084edb4aa4dc.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral31
Sample
f0c292785905838d08b27bb99ab260b43fd8de580de80017fdaaab3c3d53d8a6.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
f3771ca98b3a07606cda74128da5d4292572919418f3045196ea245ef63e9150.exe
Resource
win7-20240319-en
windows7-x64
General
-
Target
ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe
-
Size
566KB
-
MD5
b1b840a11642b166ac97fe2aea762504
-
SHA1
8e52bd5c7455af60d04f123e05291cf7c73fe0fd
-
SHA256
ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d
-
SHA512
4d64b1e8b5c7ed6ae818921384e79cc114e0413e8bb36d9f07c30fd85c92b6d1ffca3c31bd4ea2e9a07ef70e96af02ebfa30e4ba57541dd9de16eeafc534c14e
-
SSDEEP
12288:e8X3nehEBFf/Fv5gld3IUhghyUbaW41hD:eg32EPVgIGghyman1
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 2368 ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe -
Installs/modifies Browser Helper Object 2 TTPs 3 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5}\NoExplorer = "1" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5} ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5}\ = "Ogn_Hob" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files (x86)\Common Files\Microsoft Shared\Speech\se317.dll ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe -
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\{FF0FE70F-B832-42F1-BAFF-247753B5E452} ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\ = "se_Rab Class" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\ = "se" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\InprocServer32 ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\Instance\InitPropertyBag ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5} ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5}\TypeLib\ = "{F552632F-867D-4052-B836-7F83A5302534}" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF28738F-B2FE-4315-8484-540B2033646D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F743CF0F-181C-4D72-B4EE-95435ED4B86B}\TypeLib\Version = "1.0" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\se_gov.Ogn_Rab.1 ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\se_gov.Ogn_Rab.1\ = "Ogn_Rab Class" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\se_ard.DLLr ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\se_ard.DLLr\CLSID\ = "{FF0FE70F-B832-42F1-BAFF-247753B5E452}" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\ProgID ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5}\ProgID\ = "se_gov.Ogn_hob.1" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5}\VersionIndependentProgID ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F552632F-867D-4052-B836-7F83A5302534}\1.0\0 ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F96FA29F-1BB6-47FC-AD21-72781B744DC3}\ = "se_gov" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\rs_adw.Ogn_hob\CurVer\ = "se_gov.Ogn_Hob.1" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F743CF0F-181C-4D72-B4EE-95435ED4B86B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\InprocServer32\ = "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Speech\\se317.dll" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\rs_adw.Ogn_hob\CLSID ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F552632F-867D-4052-B836-7F83A5302534}\1.0 ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F743CF0F-181C-4D72-B4EE-95435ED4B86B}\ = "IOgn_Hob" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\ProgID\ = "se_gov.Ogn_Rab.1" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F552632F-867D-4052-B836-7F83A5302534}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Speech" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F96FA29F-1BB6-47FC-AD21-72781B744DC3} ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\se_ard.DLLr\ = "Ogn_Rab Class" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\VersionIndependentProgID ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\Implemented Categories ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\TypeLib ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\se_gov.Ogn_hob.1\CLSID ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F552632F-867D-4052-B836-7F83A5302534}\1.0\FLAGS\ = "0" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\se_gov.Ogn_Rab.1\CLSID\ = "{FF0FE70F-B832-42F1-BAFF-247753B5E452}" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\TypeLib\ = "{F552632F-867D-4052-B836-7F83A5302534}" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\se_gov.Ogn_hob.1 ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\rs_adw.Ogn_hob\ = "Ogn_Hob Class" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\rs_adw.Ogn_hob\CLSID\ = "{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5}" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5}\ = "Ogn_Hob Class" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF28738F-B2FE-4315-8484-540B2033646D} ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF28738F-B2FE-4315-8484-540B2033646D}\TypeLib\ = "{F552632F-867D-4052-B836-7F83A5302534}" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\se_ard.DLLr\CurVer ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F743CF0F-181C-4D72-B4EE-95435ED4B86B}\ProxyStubClsid32 ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F743CF0F-181C-4D72-B4EE-95435ED4B86B}\TypeLib\Version = "1.0" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF28738F-B2FE-4315-8484-540B2033646D}\TypeLib\Version = "1.0" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\InprocServer32\ThreadingModel = "Apartment" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\se_gov.Ogn_hob.1\ = "Ogn_Hob Class" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5}\Programmable ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F552632F-867D-4052-B836-7F83A5302534}\1.0\ = "se_gov 1.0 Type Library" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FF28738F-B2FE-4315-8484-540B2033646D}\TypeLib\Version = "1.0" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF28738F-B2FE-4315-8484-540B2033646D}\TypeLib ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\se_gov.Ogn_Rab.1\CLSID ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5}\ProgID ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5}\VersionIndependentProgID\ = "se_gov.Ogn_hob" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5}\InprocServer32 ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FF28738F-B2FE-4315-8484-540B2033646D} ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF28738F-B2FE-4315-8484-540B2033646D}\ProxyStubClsid32 ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\Implemented Categories\{00021494-0000-0000-C000-000000000046} ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\VersionIndependentProgID\ = "se_gov.Ogn_Rab" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF0FE70F-B832-42F1-BAFF-247753B5E452}\Programmable ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\rs_adw.Ogn_hob ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\se_ard.DLLr\CurVer\ = "se_gov.Ogn_Rab.1" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1E59DF7-D7FC-4ED6-BC1D-D13BE02FE6C5}\TypeLib ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F552632F-867D-4052-B836-7F83A5302534}\1.0\HELPDIR ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F743CF0F-181C-4D72-B4EE-95435ED4B86B}\ = "IOgn_Hob" ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\se_ard.dll ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe"C:\Users\Admin\AppData\Local\Temp\ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe"1⤵
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:2368
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
424KB
MD5b6d3b7730694accf9cf6bb7f3d2c9a0f
SHA17df97c35cc2eb6f68a37c5e84c0337926f1b55ec
SHA256a0329cc7b7d6716cfbb92dc07cc8bafe17bae4fa6d0765b4f64fe272f08753d8
SHA512c982827c16b673cbf29c8788e7841b8a0e7c808268fd9065716b6c6f7b712d05fcbe75cda008fcc84dedd408189cec4b3d425839a6b9dcb066f63e76978aca4a