563d0e670d8ff0fb4cdf870452b30e945ef34c01f9c4d41a52d44e0066d2ce6b

Analysis

max time kernel
143s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Archivarius 3000/Archivarius3000.exe
Size

2.5MB
MD5

f74c7e5aac7bffb10a29c969c9417263
SHA1

43e43eb1e2a7d2ce9e58fd7c107e5a95330c125b
SHA256

2fdb9fb114fe9b6deb4adf958deb2436f59f779bb2ddaf6e75c2d5a4c7496adf
SHA512

b2f797e8828ad8ff4e04bf113eefe95cb70ac4527631d8b760729873a8c029d72401d3f7d632d5e30894527a0c7e8799c2887f76621bf402d2cfa96ac137d701
SSDEEP

49152:TiNAfpb+3bsbL6BD4US38JPAS9wHZAy184jfuBpTBOw/KC1nEpjKQa0jp:TiNARb8bsXVUS38pAS9IhrW3B5XW7p

Score

1^/10

Malware Config

Signatures

Modifies registry class 43 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\0\win64\	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\FLAGS\	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\Version\	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\ProgID\	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\ProgID\ = "MsTscAx.MsTscAx.1"	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\Programmable	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\FLAGS	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\ = "Jepece"	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\Version	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\InprocServer32	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\MiscStatus	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\MiscStatus\ = "0"	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\0\win32	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\FLAGS\ = "0"	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\TypeLib	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\InprocServer32\	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\0	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\VersionIndependentProgID	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\Programmable\	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\InprocServer32\ = "%systemroot%\\SysWow64\\mstscax.dll"	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\0\win32\ = "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\InkObj.dll"	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\0\win64\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Ink\\InkObj.dll"	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\TypeLib\ = "{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}"	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\VersionIndependentProgID\	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\VersionIndependentProgID\ = "MsTscAx.MsTscAx"	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\Control\	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\Version\ = "1.0"	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\Control	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\MiscStatus\	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\ProgID	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\ = "Microsoft Tablet PC Type Library, version 1.0"	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\0\	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Archivarius3000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\0\win64	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B1FB962-E871-48A5-398E-62D42C8A6127}\TypeLib\	Archivarius3000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20E3219F-9CC2-EC05-AF88-3D9D58F1779B}\1.0\0\win32\	Archivarius3000.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2956	Archivarius3000.exe
2956	Archivarius3000.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2956	Archivarius3000.exe
2956	Archivarius3000.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2956	Archivarius3000.exe
2956	Archivarius3000.exe
2956	Archivarius3000.exe

C:\Users\Admin\AppData\Local\Temp\Archivarius 3000\Archivarius3000.exe
"C:\Users\Admin\AppData\Local\Temp\Archivarius 3000\Archivarius3000.exe"
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3044,i,12594301322143882025,16832588342008839449,262144 --variations-seed-version --mojo-platform-channel-handle=3856 /prefetch:8
1⤵
PID:3304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2956-0-0x0000000000400000-0x0000000000D31000-memory.dmp

Filesize
9.2MB

Download
memory/2956-1-0x00000000029D0000-0x0000000002A00000-memory.dmp

Filesize
192KB

Download
memory/2956-3-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/2956-2-0x00000000029A0000-0x00000000029A3000-memory.dmp

Filesize
12KB

Download
memory/2956-38-0x0000000002EC0000-0x0000000002EC1000-memory.dmp

Filesize
4KB

Download
memory/2956-37-0x0000000002ED0000-0x0000000002ED1000-memory.dmp

Filesize
4KB

Download
memory/2956-36-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/2956-35-0x0000000002EB0000-0x0000000002EB1000-memory.dmp

Filesize
4KB

Download
memory/2956-34-0x0000000002E80000-0x0000000002E81000-memory.dmp

Filesize
4KB

Download
memory/2956-33-0x0000000002E90000-0x0000000002E91000-memory.dmp

Filesize
4KB

Download
memory/2956-32-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/2956-31-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/2956-30-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

Filesize
4KB

Download
memory/2956-29-0x0000000002D00000-0x0000000002D01000-memory.dmp

Filesize
4KB

Download
memory/2956-28-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Filesize
4KB

Download
memory/2956-27-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

Filesize
4KB

Download
memory/2956-26-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/2956-43-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/2956-42-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2956-41-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2956-40-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/2956-39-0x0000000003010000-0x0000000003011000-memory.dmp

Filesize
4KB

Download
memory/2956-25-0x0000000002CC0000-0x0000000002CC1000-memory.dmp

Filesize
4KB

Download
memory/2956-24-0x0000000002C90000-0x0000000002C91000-memory.dmp

Filesize
4KB

Download
memory/2956-23-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

Filesize
4KB

Download
memory/2956-22-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/2956-21-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/2956-20-0x0000000002C50000-0x0000000002C51000-memory.dmp

Filesize
4KB

Download
memory/2956-19-0x0000000002C60000-0x0000000002C61000-memory.dmp

Filesize
4KB

Download
memory/2956-18-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/2956-17-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/2956-16-0x0000000002C10000-0x0000000002C11000-memory.dmp

Filesize
4KB

Download
memory/2956-15-0x0000000002C20000-0x0000000002C21000-memory.dmp

Filesize
4KB

Download
memory/2956-14-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/2956-13-0x0000000002C00000-0x0000000002C01000-memory.dmp

Filesize
4KB

Download
memory/2956-12-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/2956-11-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

Filesize
4KB

Download
memory/2956-10-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2956-9-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

Filesize
4KB

Download
memory/2956-65-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/2956-55-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/2956-54-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/2956-70-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/2956-69-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/2956-68-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/2956-67-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/2956-53-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/2956-51-0x0000000003420000-0x0000000003421000-memory.dmp

Filesize
4KB

Download
memory/2956-48-0x0000000003410000-0x0000000003411000-memory.dmp

Filesize
4KB

Download
memory/2956-47-0x00000000033E0000-0x00000000033E1000-memory.dmp

Filesize
4KB

Download
memory/2956-46-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2956-45-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2956-44-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2956-64-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/2956-63-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/2956-62-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/2956-61-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2956-60-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/2956-59-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/2956-58-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2956-57-0x00000000034A0000-0x00000000034A1000-memory.dmp

Filesize
4KB

Download
memory/2956-56-0x00000000034B0000-0x00000000034B1000-memory.dmp

Filesize
4KB

Download
memory/2956-50-0x0000000003430000-0x0000000003431000-memory.dmp

Filesize
4KB

Download
memory/2956-52-0x0000000003450000-0x0000000003451000-memory.dmp

Filesize
4KB

Download
memory/2956-49-0x0000000003400000-0x0000000003401000-memory.dmp

Filesize
4KB

Download
memory/2956-8-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/2956-7-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/2956-6-0x0000000000F70000-0x0000000000F71000-memory.dmp

Filesize
4KB

Download
memory/2956-5-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/2956-4-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/2956-73-0x0000000003C10000-0x0000000003C11000-memory.dmp

Filesize
4KB

Download
memory/2956-72-0x0000000003C20000-0x0000000003C21000-memory.dmp

Filesize
4KB

Download
memory/2956-71-0x0000000000400000-0x0000000000D31000-memory.dmp

Filesize
9.2MB

Download
memory/2956-75-0x0000000006440000-0x0000000006441000-memory.dmp

Filesize
4KB

Download
memory/2956-74-0x0000000006450000-0x0000000006451000-memory.dmp

Filesize
4KB

Download
memory/2956-79-0x00000000066F0000-0x00000000066F2000-memory.dmp

Filesize
8KB

Download
memory/2956-78-0x00000000065C0000-0x00000000065F0000-memory.dmp

Filesize
192KB

Download
memory/2956-77-0x0000000006560000-0x000000000658D000-memory.dmp

Filesize
180KB

Download
memory/2956-76-0x0000000006560000-0x000000000658D000-memory.dmp

Filesize
180KB

Download
memory/2956-81-0x00000000065B0000-0x00000000065B1000-memory.dmp

Filesize
4KB

Download
memory/2956-80-0x00000000029D0000-0x0000000002A00000-memory.dmp

Filesize
192KB

Download
memory/2956-84-0x0000000003010000-0x0000000003011000-memory.dmp

Filesize
4KB

Download
memory/2956-83-0x0000000006560000-0x000000000658D000-memory.dmp

Filesize
180KB

Download
memory/2956-82-0x0000000000400000-0x0000000000D31000-memory.dmp

Filesize
9.2MB

Download
memory/2956-87-0x00000000065C0000-0x00000000065F0000-memory.dmp

Filesize
192KB

Download
memory/2956-97-0x0000000006560000-0x000000000658D000-memory.dmp

Filesize
180KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads