68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625

Analysis

max time kernel
91s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
Size

1.4MB
MD5

f34c2a36483965fe7bb575fa3b2ce29c
SHA1

4df11aaae3d20aad8df8937785df44fef2747091
SHA256

68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625
SHA512

ba80d534a0cf8461408531652b0ccda25a40f1680d673d2139d8a9eaddddb99064bce5738bd5d06e8913576b5db953671a447fc926b46a62fa4167d5ebb384c4
SSDEEP

6144:OMCHytAAPSqynNlzgvALqOOk5ctGNzsEEajnZvMUtk5BCbh:O8tIn/zF0gctssadvMUO5BCbh

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\Software\CLASSES\CID\{36004E00-3900-6500-2F00-4E0063004F00}	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
Key created	\REGISTRY\USER\Software	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\CLASSES\CID	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\CID	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\CLASSES	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Software\CLASSES\CID\{36004E00-3900-6500-2F00-4E0063004F00}	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Software	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\CLASSES\CID\{36004E00-3900-6500-2F00-4E0063004F00}	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\CLASSES\CID\{36004E00-3900-6500-2F00-4E0063004F00}\1 = "WC6s9d1Uk4GrSCCNY7elbYf1XZMlNW5u3H9NHiXVWHJrKf8qabn+ePdXrUnqKPTo8g+D4qyy3buptSOrtGojBLQhK2PWDUEEGJKeYmUoznr0RMUWUPhximLXHQbcQWfLdJsD7oIvwOdSuH9AMVAb5hdm09JDhQTFaQg0Cf8VbZ6lzyWCX1eJYqQkQ/6M6EREGEICN4hwDCfl+evVw/i0XxVrsiXfaTS0AuqBuXF50pEibCPnviNzBkx3icQhM5sZIGk9eXXaNWE5BGff1xKBVbAud6410bLfUme3H0+kMpkKxwJpZqE5YYhDXA7ZBBacOrRGs3Uz4MwFCB0Vz+X93xOPkLtegzjuq2wOJbZbWPHUjXf7FdkdliqZxv0mV+g+Z68FWPPBJnrCT88omMPnNNQhVKqb578Ja2RpZLlyHje/5VU3ZeLvVaZ7YYp/4fyY22O6MrFH1z75tWyceDDuCyzNSR3P5e6OCiQLyuO3HLAD9Fu+RVymd2wqgA1RKLH8"	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\CID\{36004E00-3900-6500-2F00-4E0063004F00}	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CID\{36004E00-3900-6500-2F00-4E0063004F00}\1 = "WC6s9d1Uk4GrSCCNY7elbYf1XZMlNW5u3H9NHiXVWHJrKf8qabn+ePdXrUnqKPTo8g+D4qyy3buptSOrtGojBLQhK2PWDUEEGJKeYmUoznr0RMUWUPhximLXHQbcQWfLdJsD7oIvwOdSuH9AMVAb5hdm09JDhQTFaQg0Cf8VbZ6lzyWCX1eJYqQkQ/6M6EREGEICN4hwDCfl+evVw/i0XxVrsiXfaTS0AuqBuXF50pEibCPnviNzBkx3icQhM5sZIGk9eXXaNWE5BGff1xKBVbAud6410bLfUme3H0+kMpkKxwJpZqE5YYhDXA7ZBBacOrRGs3Uz4MwFCB0Vz+X93xOPkLtegzjuq2wOJbZbWPHUjXf7FdkdliqZxv0mV+g+Z68FWPPBJnrCT88omMPnNNQhVKqb578Ja2RpZLlyHje/5VU3ZeLvVaZ7YYp/4fyY22O6MrFH1z75tWyceDDuCyzNSR3P5e6OCiQLyuO3HLAD9Fu+RVymd2wqgA1RKLH8"	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\CID\{36004E00-3900-6500-2F00-4E0063004F00}	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\CID\{36004E00-3900-6500-2F00-4E0063004F00}\1 = "WC6s9d1Uk4GrSCCNY7elbYf1XZMlNW5u3H9NHiXVWHJrKf8qabn+ePdXrUnqKPTo8g+D4qyy3buptSOrtGojBLQhK2PWDUEEGJKeYmUoznr0RMUWUPhximLXHQbcQWfLdJsD7oIvwOdSuH9AMVAb5hdm09JDhQTFaQg0Cf8VbZ6lzyWCX1eJYqQkQ/6M6EREGEICN4hwDCfl+evVw/i0XxVrsiXfaTS0AuqBuXF50pEibCPnviNzBkx3icQhM5sZIGk9eXXaNWE5BGff1xKBVbAud6410bLfUme3H0+kMpkKxwJpZqE5YYhDXA7ZBBacOrRGs3Uz4MwFCB0Vz+X93xOPkLtegzjuq2wOJbZbWPHUjXf7FdkdliqZxv0mV+g+Z68FWPPBJnrCT88omMPnNNQhVKqb578Ja2RpZLlyHje/5VU3ZeLvVaZ7YYp/4fyY22O6MrFH1z75tWyceDDuCyzNSR3P5e6OCiQLyuO3HLAD9Fu+RVymd2wqgA1RKLH8"	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp:{36004E00-3900-6500-2F00-4E0063004F00}	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
File created	C:\Users\Admin\Documents\My Music:{36004E00-3900-6500-2F00-4E0063004F00}	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
File created	C:\PerfLogs:{36004E00-3900-6500-2F00-4E0063004F00}	68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe

C:\Users\Admin\AppData\Local\Temp\68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe
"C:\Users\Admin\AppData\Local\Temp\68fea0797c63192cd3a63400583a6c86293d6758ef9ae399476d28923d34d625.exe"
1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
- NTFS ADS
PID:5072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5072-1-0x00007FFB795C3000-0x00007FFB795C5000-memory.dmp

Filesize
8KB

Download
memory/5072-0-0x000001A7595C0000-0x000001A759728000-memory.dmp

Filesize
1.4MB

Download
memory/5072-2-0x00007FFB795C0000-0x00007FFB7A081000-memory.dmp

Filesize
10.8MB

Download
memory/5072-7-0x00007FFB795C0000-0x00007FFB7A081000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads