Overview
overview
7Static
static
7batchpurge/PURGE.exe
windows7-x64
1batchpurge/PURGE.exe
windows10-2004-x64
1batchpurge/XPCMD.dll
windows7-x64
1batchpurge/XPCMD.dll
windows10-2004-x64
1batchpurge...32.dll
windows7-x64
1batchpurge...32.dll
windows10-2004-x64
1batchpurge/purge.chm
windows7-x64
1batchpurge/purge.chm
windows10-2004-x64
1Analysis
-
max time kernel
140s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
17/04/2024, 15:30
Behavioral task
behavioral1
Sample
batchpurge/PURGE.exe
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
batchpurge/PURGE.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral3
Sample
batchpurge/XPCMD.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
batchpurge/XPCMD.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
batchpurge/comdlg32.dll
Resource
win7-20240215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral6
Sample
batchpurge/comdlg32.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral7
Sample
batchpurge/purge.chm
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
batchpurge/purge.chm
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
batchpurge/PURGE.exe
-
Size
53KB
-
MD5
2df3efb77e2c9b3dc60335d89bbd1c11
-
SHA1
1ba7ec1994eae466938eeaf4da526399503091f9
-
SHA256
b2c040c0dfa67653c567f68faa1a631f492933b95e7710954f63a4538773101b
-
SHA512
8a79010f0c5de6353f3dfab3fdefe942881114da28d7313ea196270f92fa1155ac8e000ba0cdc52bf93aba407d17bb656f0daf4d8386c6eca1c5321413cf6dd9
-
SSDEEP
768:d64Y7WpIoZhvXIpaFaKlLfRhTPQ8ULXGqksRZta2HYuSxwgx4ha52v2EL+guTPeX:84Y7Wdz/IstLfLbcLXGORfa26Y5+q
Score
1/10
Malware Config
Signatures
-
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9076B41A-F995-44DA-9B9F-8601255C7D48}\MiscStatus\1 PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9076B41A-F995-44DA-9B9F-8601255C7D48}\Implemented Categories PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus\1 PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\batchpurge\\comdlg32.ocx" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB} PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{8ED8CCC1-8472-46D0-93E7-F66929B98442}\2.0\HELPDIR PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FC4E055C-5AB4-4DB8-9FAF-1140E088C0B2}\TypeLib\Version = "2.0" PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9076B41A-F995-44DA-9B9F-8601255C7D48}\ = "XPCmd.xpcmdbutton" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9076B41A-F995-44DA-9B9F-8601255C7D48}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\batchpurge\\comdlg32.ocx, 1" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} PURGE.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB} PURGE.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB} PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CurVer\ = "MSComDlg.CommonDialog.1" PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\Version = "1.2" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid32 PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{193A209F-16A6-410B-B9AD-5DEC573F7C58}\TypeLib\Version = "2.0" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\FLAGS\ = "2" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9076B41A-F995-44DA-9B9F-8601255C7D48}\Control PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{193A209F-16A6-410B-B9AD-5DEC573F7C58}\ProxyStubClsid PURGE.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB} PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\batchpurge\\comdlg32.ocx" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9076B41A-F995-44DA-9B9F-8601255C7D48}\InprocServer32 PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9076B41A-F995-44DA-9B9F-8601255C7D48}\ToolboxBitmap32 PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9076B41A-F995-44DA-9B9F-8601255C7D48}\MiscStatus\1\ = "135569" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9076B41A-F995-44DA-9B9F-8601255C7D48}\VERSION PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CLSID PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ProgID PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9076B41A-F995-44DA-9B9F-8601255C7D48}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\batchpurge\\XPCMD.OCX, 30000" PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FC4E055C-5AB4-4DB8-9FAF-1140E088C0B2}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}" PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CLSID\ = "{F9043C85-F6F2-101A-A3C9-08002B2F49FB}" PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\ = "Common Dialog Open Property Page Object" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1} PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{193A209F-16A6-410B-B9AD-5DEC573F7C58} PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\batchpurge\\comdlg32.ocx" PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel = "Apartment" PURGE.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB} PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{193A209F-16A6-410B-B9AD-5DEC573F7C58}\ProxyStubClsid32 PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9076B41A-F995-44DA-9B9F-8601255C7D48} PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CurVer PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1\ = "Microsoft Common Dialog Control, version 6.0" PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{193A209F-16A6-410B-B9AD-5DEC573F7C58}\TypeLib\Version = "2.0" PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32 PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ = "ICommonDialogEvents" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid32 PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{8ED8CCC1-8472-46D0-93E7-F66929B98442}\2.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\batchpurge\\XPCMD.OCX" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FC4E055C-5AB4-4DB8-9FAF-1140E088C0B2}\ProxyStubClsid32 PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9076B41A-F995-44DA-9B9F-8601255C7D48}\MiscStatus PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1\CLSID PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ProgID\ = "MSComDlg.CommonDialog.1" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB} PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{193A209F-16A6-410B-B9AD-5DEC573F7C58}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32 PURGE.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\ = "Common Dialog Font Property Page Object" PURGE.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB} PURGE.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2264 PURGE.exe 2264 PURGE.exe