9583c2f328aa572284f7ba474df0f3b005714423f146b560dee55a9b7376a64f

Analysis

max time kernel
51s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ngonesuporte.exe
Size

272KB
MD5

c100cd2853800616d64a55046bf5a2d0
SHA1

5097a87282bb966e18d58619abb451548b04605a
SHA256

7e36be29f4a4d5a27663a852e2498337866784f9938ce44d363021a3db705275
SHA512

9c9888ea8f91202f849cfea794cec55b46cac739a8ee6a2a771b8e528e298ffa40a9c0092011caf24917340232bff462a9654cf41b00388e68fea158aa975658
SSDEEP

3072:1fNClY+MFTKnFIS9zXaYww5ffe8O/K82e9Jrp0SbsiEtDRTp4jb0B0///o6iCw+U:hUjdKYvs7owkCZBQ

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CBD60D98-75C2-471D-9D98-C67C65B6D57D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{283384B1-2D98-4165-B300-B4A5533E3867}\TypeLib	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{140530D7-EE85-4F4C-9AFF-4F0BB0C18B05}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66AAEE0C-5BCA-42E2-AA16-2C28815B1ED1}\ProxyStubClsid32	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66AAEE0C-5BCA-42E2-AA16-2C28815B1ED1}\Forward	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{489ED982-2F89-4BA3-B708-0C2DAC6E38FE}\ProxyStubClsid	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{15F7B65F-FF29-4280-A967-F5DA2B47AE1B}	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4384B3C1-BC73-42F2-A7A4-E680A9749666}\ = "__clsBarraProgressao"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C941D0EC-662F-4996-97FA-919CF328CB89}\ProxyStubClsid	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BB3EA3EE-CD7E-4BCC-8612-F116A2E122D1}	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2AD9097-8BB2-446A-9DA6-DEF7F78ABA02}	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2AD9097-8BB2-446A-9DA6-DEF7F78ABA02}\TypeLib	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9C9DE51F-4CD6-4F85-B846-9CA053173BE5}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{724E1D47-CCDB-40C8-9534-2AA32C3F0EE2}\TypeLib\ = "{BB3EA3EE-CD7E-4BCC-8612-F116A2E122D1}"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5720FE6F-2393-4ADA-9EDC-EE6469887762}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A29B3E4E-1C2A-408D-BD81-D2CA1731F2D0}\ = "__clsArquivoMagnetico"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{15D84DD1-DAB9-4E29-A9F0-4E1E48511FC6}\ProgID\ = "NGOneSuporte.clsGlobais"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6323DFAB-E2FC-47E2-B7AE-6A94BE5F8DAB}\TypeLib	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9C9DE51F-4CD6-4F85-B846-9CA053173BE5}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A101878E-C91C-4A3C-AAD9-1A9207509C93}\TypeLib	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NGOneSuporte.clsImportacaoDadosSAP\ = "NGOneSuporte.clsImportacaoDadosSAP"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDE9FE71-754B-42EC-B583-340F6CC92990}\TypeLib\ = "{BB3EA3EE-CD7E-4BCC-8612-F116A2E122D1}"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF6A90F2-E3CE-4714-B6DD-5D3890F85E07}\ = "clsRelFiscalSAP"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CBD60D98-75C2-471D-9D98-C67C65B6D57D}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{15D84DD1-DAB9-4E29-A9F0-4E1E48511FC6}\TypeLib	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{77E9B4FF-038E-4F1D-AA51-02B86D29FAB3}\ProxyStubClsid	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDE9FE71-754B-42EC-B583-340F6CC92990}\TypeLib	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB6224D9-5A48-4353-9919-1C28836D7717}\ProxyStubClsid32	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NGOneSuporte.clsImportacaoDadosSAP\Clsid\ = "{A101878E-C91C-4A3C-AAD9-1A9207509C93}"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96CBFCF0-0D82-4BE4-8CF4-A319995B59BA}\LocalServer32	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96CBFCF0-0D82-4BE4-8CF4-A319995B59BA}\Programmable	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{283384B1-2D98-4165-B300-B4A5533E3867}\TypeLib\Version = "1.6"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9C9DE51F-4CD6-4F85-B846-9CA053173BE5}\Forward\ = "{C2AD9097-8BB2-446A-9DA6-DEF7F78ABA02}"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82D36DCC-192B-47B4-AC01-1E161F59A372}	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{15D84DD1-DAB9-4E29-A9F0-4E1E48511FC6}	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0DB1AF44-67EC-4F7A-B7B5-A1B18CB6213E}\ProxyStubClsid32	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2AD9097-8BB2-446A-9DA6-DEF7F78ABA02}\TypeLib\ = "{BB3EA3EE-CD7E-4BCC-8612-F116A2E122D1}"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A29B3E4E-1C2A-408D-BD81-D2CA1731F2D0}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2AD9097-8BB2-446A-9DA6-DEF7F78ABA02}\ = "__clsRelFiscalSAP"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B7136F0A-8D97-4F16-A2BB-8DC509873F4E}\ProgID\ = "NGOneSuporte.clsRelFiscalSAP"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{77E9B4FF-038E-4F1D-AA51-02B86D29FAB3}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B822A9D-E820-4150-958E-CABEA99BA796}\ProgID	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2F8A5F80-7A7D-4A7D-B72C-AF3446835D02}\ = "_clsMDFe"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B7136F0A-8D97-4F16-A2BB-8DC509873F4E}	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0DB1AF44-67EC-4F7A-B7B5-A1B18CB6213E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5E3CDAC5-DEF6-497D-A9EA-95628BF051BE}\TypeLib\Version = "1.6"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6323DFAB-E2FC-47E2-B7AE-6A94BE5F8DAB}\ProxyStubClsid32	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0EAD34F-A4D9-42C6-85AB-7BBEB989DCA8}	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B7136F0A-8D97-4F16-A2BB-8DC509873F4E}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NGOneSuporte.clsGlobais\ = "NGOneSuporte.clsGlobais"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2F8A5F80-7A7D-4A7D-B72C-AF3446835D02}\TypeLib	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A101878E-C91C-4A3C-AAD9-1A9207509C93}	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NGOneSuporte.clsGlobais\Clsid	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B822A9D-E820-4150-958E-CABEA99BA796}\Implemented Categories	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF6A90F2-E3CE-4714-B6DD-5D3890F85E07}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96CBFCF0-0D82-4BE4-8CF4-A319995B59BA}\TypeLib	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{15D84DD1-DAB9-4E29-A9F0-4E1E48511FC6}\Programmable	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{283384B1-2D98-4165-B300-B4A5533E3867}	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0DB1AF44-67EC-4F7A-B7B5-A1B18CB6213E}	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{15D84DD1-DAB9-4E29-A9F0-4E1E48511FC6}\LocalServer32	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6323DFAB-E2FC-47E2-B7AE-6A94BE5F8DAB}	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B7136F0A-8D97-4F16-A2BB-8DC509873F4E}\Implemented Categories	ngonesuporte.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B822A9D-E820-4150-958E-CABEA99BA796}\VERSION	ngonesuporte.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{283384B1-2D98-4165-B300-B4A5533E3867}\ = "clsBarraProgressao"	ngonesuporte.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3332	ngonesuporte.exe

C:\Users\Admin\AppData\Local\Temp\ngonesuporte.exe
"C:\Users\Admin\AppData\Local\Temp\ngonesuporte.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3332

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads