Analysis Overview
SHA256
6ff55bb999b7a726d73cad5b23d028dd0131d25a0ebdb6e4e1687428cd553838
Threat Level: Likely benign
The file a48c6c2b2d42d07ee754828150ffb1fa_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Enumerates physical storage devices
Modifies registry class
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Field | Value |
| Reported | 2024-06-13 08:05 |
Signatures
Analysis: behavioral1
Detonation Overview
| Field | Value |
| Submitted | 2024-06-13 08:05 |
| Reported | 2024-06-13 08:07 |
| Platform | win7-20240508-en |
| Max time kernel | 118s |
| Max time network | 119s |
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled.1 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Launcher__3687.exe" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\FLAGS\ = "0" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled.1\CLSID | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Launcher__3687.exe\"" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib\ = "{5FA33402-9EA4-424A-BC66-B4976EA1DE32}" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ = "IBoot" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib\ = "{5FA33402-9EA4-424A-BC66-B4976EA1DE32}" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\0 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\ProgID\ = "giaour.nettled.1" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\Version | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\Version\ = "1.0" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\0 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ = "IBoot" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled\CurVer | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\Version | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled.1\ = "Inst Class" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled.1\CLSID\ = "{8dd2b83c-d086-4f54-9607-634ccd46ca12}" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\Programmable | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Launcher__3687.exe" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\ProgID | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled\CurVer | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\ = "InstallerLib" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\Programmable | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled.1\CLSID | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled\ = "Inst Class" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled.1 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled\CurVer\ = "giaour.nettled.1" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\TypeLib\ = "{5fa33402-9ea4-424a-bc66-b4976ea1de32}" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\ = "Inst Class" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\VersionIndependentProgID\ = "giaour.nettled" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe
"C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.soledownload.com | udp |
Files
Analysis: behavioral2
Detonation Overview
| Field | Value |
| Submitted | 2024-06-13 08:05 |
| Reported | 2024-06-13 08:07 |
| Platform | win10v2004-20240508-en |
| Max time kernel | 147s |
| Max time network | 151s |
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Launcher__3687.exe" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\Version\ = "1.0" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\FLAGS\ = "0" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib\ = "{5FA33402-9EA4-424A-BC66-B4976EA1DE32}" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled.1\CLSID | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\Version | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled\CurVer | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled.1\ = "Inst Class" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\Version | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\ProgID | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled\ = "Inst Class" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\ProgID\ = "giaour.nettled.1" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\0 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled.1 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\Programmable | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\ = "InstallerLib" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled.1 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\ = "Inst Class" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\TypeLib\ = "{5fa33402-9ea4-424a-bc66-b4976ea1de32}" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\ProgID | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ = "IBoot" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib\ = "{5FA33402-9EA4-424A-BC66-B4976EA1DE32}" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\Programmable | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled\CurVer | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\VersionIndependentProgID\ = "giaour.nettled" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Launcher__3687.exe\"" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Launcher__3687.exe" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32} | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled.1\CLSID\ = "{8dd2b83c-d086-4f54-9607-634ccd46ca12}" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\giaour.nettled\CurVer\ = "giaour.nettled.1" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\ = "IBoot" | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A63F25AF-40CB-4E51-8ABB-12A08E45BDC1}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\0 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8dd2b83c-d086-4f54-9607-634ccd46ca12}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA33402-9EA4-424A-BC66-B4976EA1DE32}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe
"C:\Users\Admin\AppData\Local\Temp\Launcher__3687.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.keenondownload.com | udp |
Files
memory/3612-0-0x0000000002B20000-0x0000000002B21000-memory.dmp