1d14500a00d5f63a796ae8002eaacb21ee3feb348ab52f3d74c85c0f914347c5 | Triage

Analysis

max time kernel
136s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 00:24

Sharing

Report Analysis Logs

General

Target

bin/FAXVIEW.exe
Size

92KB
MD5

597da6a4cfcf7e889903cc827cd109a1
SHA1

b5294a0d548cf8e0f4fb8ddb5ef6a6bcf2060f21
SHA256

3035ffffe970d488f22eb137cfe31fb1eabe40d97b9876788e0a6519a13a3099
SHA512

bf7ae8ebd654f452d4369b734583ffc69f85ae84d6e33c084852c513527a33aea52550bf838834dc1fac6714ef2923bf58082dfc3153fd14dc00011a39b8b8ea
SSDEEP

1536:hXRjuNffcgYlmDQAvqkLnG2Zlhq8cBwZI/bjssk:pRjuNffcgYlmDQIqinG2Zq89Kbjssk

Score

1^/10

Malware Config

Signatures

Modifies registry class 19 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\shell\open\command	FAXVIEW.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\shell	FAXVIEW.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.fax\Fax.Document\ = "Fax Document"	FAXVIEW.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.fax\Fax.Document\ShellNew	FAXVIEW.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document	FAXVIEW.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\DefaultIcon	FAXVIEW.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bin\\FAXVIEW.exe,1"	FAXVIEW.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\shell\open	FAXVIEW.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\shell\print	FAXVIEW.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\shell\print\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bin\\FAXVIEW.exe /p \"%1\""	FAXVIEW.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\shell\printto\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bin\\FAXVIEW.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""	FAXVIEW.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\ = "Fax Document"	FAXVIEW.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bin\\FAXVIEW.exe \"%1\""	FAXVIEW.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\shell\print\command	FAXVIEW.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\shell\printto\command	FAXVIEW.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Fax Document\shell\printto	FAXVIEW.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.fax\Fax.Document	FAXVIEW.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.fax	FAXVIEW.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.fax\Fax.Document\ShellNew\NullFile	FAXVIEW.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3540	FAXVIEW.exe
3540	FAXVIEW.exe

C:\Users\Admin\AppData\Local\Temp\bin\FAXVIEW.exe
"C:\Users\Admin\AppData\Local\Temp\bin\FAXVIEW.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads