Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted
15/06/2024, 13:28
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ngonesuporte.exe
Resource
win7-20240611-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
ngonesuporte.exe
Resource
win10v2004-20240508-en
2 signatures
150 seconds
General
-
Target
ngonesuporte.exe
-
Size
272KB
-
MD5
c100cd2853800616d64a55046bf5a2d0
-
SHA1
5097a87282bb966e18d58619abb451548b04605a
-
SHA256
7e36be29f4a4d5a27663a852e2498337866784f9938ce44d363021a3db705275
-
SHA512
9c9888ea8f91202f849cfea794cec55b46cac739a8ee6a2a771b8e528e298ffa40a9c0092011caf24917340232bff462a9654cf41b00388e68fea158aa975658
-
SSDEEP
3072:1fNClY+MFTKnFIS9zXaYww5ffe8O/K82e9Jrp0SbsiEtDRTp4jb0B0///o6iCw+U:hUjdKYvs7owkCZBQ
Score
1/10
Malware Config
Signatures
-
Modifies registry class (64 IoCs). The entries listed below are all writes under \REGISTRY\MACHINE\SOFTWARE\Classes (CLSID, Interface, TYPELIB, ProxyStubClsid/ProxyStubClsid32, Implemented Categories, LocalServer32, and NGOneSuporte.* ProgIDs), with LocalServer32 and the TYPELIB win32 path pointing at the sample's own location; read them as COM class / type-library registration performed by the sample itself.
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5E3CDAC5-DEF6-497D-A9EA-95628BF051BE}\ = "_clsEvento" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{140530D7-EE85-4F4C-9AFF-4F0BB0C18B05}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82D36DCC-192B-47B4-AC01-1E161F59A372}\Implemented Categories | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69FE49A8-BCDB-43B2-9A85-C591DF04944A}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A101878E-C91C-4A3C-AAD9-1A9207509C93}\Programmable | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4384B3C1-BC73-42F2-A7A4-E680A9749666}\ = "clsBarraProgressao" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{BB3EA3EE-CD7E-4BCC-8612-F116A2E122D1}\1.6\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngonesuporte.exe" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8332BDEE-A81B-42DC-A28F-B9EC03B85723}\Implemented Categories | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{283384B1-2D98-4165-B300-B4A5533E3867}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55B2F830-B229-417D-B7AA-840EAB22993C}\ProxyStubClsid32 | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{140530D7-EE85-4F4C-9AFF-4F0BB0C18B05}\TypeLib\ = "{BB3EA3EE-CD7E-4BCC-8612-F116A2E122D1}" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{671A5DF5-31B9-43AE-A5A2-210D6E5D049C}\Forward | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5E3CDAC5-DEF6-497D-A9EA-95628BF051BE}\ProxyStubClsid32 | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{724E1D47-CCDB-40C8-9534-2AA32C3F0EE2}\TypeLib | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NGOneSuporte.clsLicencas\ = "NGOneSuporte.clsLicencas" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{77E9B4FF-038E-4F1D-AA51-02B86D29FAB3}\ = "_clsGlobais" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB6224D9-5A48-4353-9919-1C28836D7717}\Forward | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{140530D7-EE85-4F4C-9AFF-4F0BB0C18B05}\ProxyStubClsid | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5720FE6F-2393-4ADA-9EDC-EE6469887762}\Forward | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4384B3C1-BC73-42F2-A7A4-E680A9749666}\ProxyStubClsid32 | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{140530D7-EE85-4F4C-9AFF-4F0BB0C18B05}\ = "__clsImportacaoDadosSAP" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{724E1D47-CCDB-40C8-9534-2AA32C3F0EE2}\VERSION | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{96CBFCF0-0D82-4BE4-8CF4-A319995B59BA}\TypeLib | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CBD60D98-75C2-471D-9D98-C67C65B6D57D} | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{15D84DD1-DAB9-4E29-A9F0-4E1E48511FC6}\Programmable | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B822A9D-E820-4150-958E-CABEA99BA796} | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2AD9097-8BB2-446A-9DA6-DEF7F78ABA02}\TypeLib | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NGOneSuporte.clsArquivoMagnetico\ = "NGOneSuporte.clsArquivoMagnetico" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82D36DCC-192B-47B4-AC01-1E161F59A372}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA86C911-3256-4AA6-9C06-027395FB1CA8}\ProxyStubClsid32 | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{140530D7-EE85-4F4C-9AFF-4F0BB0C18B05} | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2AD9097-8BB2-446A-9DA6-DEF7F78ABA02}\TypeLib\Version = "1.6" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B7136F0A-8D97-4F16-A2BB-8DC509873F4E}\TypeLib\ = "{BB3EA3EE-CD7E-4BCC-8612-F116A2E122D1}" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58088ACF-4B57-46C6-BC5D-714D77BF1897}\Forward\ = "{C2AD9097-8BB2-446A-9DA6-DEF7F78ABA02}" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{15F7B65F-FF29-4280-A967-F5DA2B47AE1B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AA86C911-3256-4AA6-9C06-027395FB1CA8}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9C9DE51F-4CD6-4F85-B846-9CA053173BE5}\Forward\ = "{C2AD9097-8BB2-446A-9DA6-DEF7F78ABA02}" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NGOneSuporte.clsTela | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82D36DCC-192B-47B4-AC01-1E161F59A372}\Programmable | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{77E9B4FF-038E-4F1D-AA51-02B86D29FAB3}\ProxyStubClsid | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NGOneSuporte.clsBarraProgressao\Clsid\ = "{9B822A9D-E820-4150-958E-CABEA99BA796}" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{15F7B65F-FF29-4280-A967-F5DA2B47AE1B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0EAD34F-A4D9-42C6-85AB-7BBEB989DCA8}\ = "clsRelFiscalSAP" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{15F7B65F-FF29-4280-A967-F5DA2B47AE1B}\ProxyStubClsid | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B7136F0A-8D97-4F16-A2BB-8DC509873F4E}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{96CBFCF0-0D82-4BE4-8CF4-A319995B59BA}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngonesuporte.exe" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8332BDEE-A81B-42DC-A28F-B9EC03B85723} | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5E3CDAC5-DEF6-497D-A9EA-95628BF051BE} | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6323DFAB-E2FC-47E2-B7AE-6A94BE5F8DAB} | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{656EF81D-6BCF-4F86-84A2-472CF91F194F}\ = "clsRelFiscalSAP" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{77E9B4FF-038E-4F1D-AA51-02B86D29FAB3}\ = "_clsGlobais" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B7136F0A-8D97-4F16-A2BB-8DC509873F4E}\LocalServer32 | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8332BDEE-A81B-42DC-A28F-B9EC03B85723}\TypeLib | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8332BDEE-A81B-42DC-A28F-B9EC03B85723}\VERSION | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{283384B1-2D98-4165-B300-B4A5533E3867}\ProxyStubClsid | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{BB3EA3EE-CD7E-4BCC-8612-F116A2E122D1}\1.6 | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55B2F830-B229-417D-B7AA-840EAB22993C} | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{489ED982-2F89-4BA3-B708-0C2DAC6E38FE}\Forward | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AF6A90F2-E3CE-4714-B6DD-5D3890F85E07}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6323DFAB-E2FC-47E2-B7AE-6A94BE5F8DAB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2AD9097-8BB2-446A-9DA6-DEF7F78ABA02}\ = "__clsRelFiscalSAP" | ngonesuporte.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB6224D9-5A48-4353-9919-1C28836D7717}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB6224D9-5A48-4353-9919-1C28836D7717}\ProxyStubClsid32 | ngonesuporte.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NGOneSuporte.clsLicencas\Clsid | ngonesuporte.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
1876 | ngonesuporte.exe