d836b626e70c6e8dbe4a2f0d2e0d410cf84b343473743cc27e174220dfb9d633

Analysis

max time kernel
136s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

getradio.exe
Size

196KB
MD5

89037b1ad41cc1f1685560aaed862cf3
SHA1

5907e96008071028129a763b22180cbf8aec9a7c
SHA256

7be37215bc889925d9e0ec94b985a78a766eecffbc5bb2ec8294fc5ef1abba7a
SHA512

e3fccbffc33f53b51b09a4667d7f9a3c1e5549c907e326ad3c6a53556c7341d7eebdf5f4c4c4bf0dd006d4b240d75627d39ea7191ccc80668e9297c9823bbb5d
SSDEEP

3072:jhbUwx1ROANm4LbPhHjJ5spl3Hmwx1ROANm4LbPhH3b/:jhbZLtHjJSHHnLtH3b/

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ = "Microsoft Internet Transfer Control 6.0 (SP6)"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\Control\	getradio.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version\ = "1.0"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bkDLControl.ocx"	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}"	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0"	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents"	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\ = "Microsoft Internet Transfer Control 6.0 (SP6)"	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\Control	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\ = "bkDLControl"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\ = "Internet Control General Property Page Object"	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS\ = "2"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\ProxyStubClsid32	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\ProxyStubClsid32	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\ProxyStubClsid32	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32	getradio.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\TypeLib\ = "{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\InprocServer32	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bkDLControl.ocx, 30000"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\Implemented Categories	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\ = "0"	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0\0	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\TypeLib\ = "{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\ProgID	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\VERSION	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\¹¤³Ì1.bkDLControl\Clsid\ = "{D97D589B-E6A5-4D73-8886-DDF05C712BB8}"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}	getradio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0\FLAGS\ = "2"	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0\HELPDIR	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\TypeLib	getradio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}	getradio.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1016	getradio.exe
1016	getradio.exe

C:\Users\Admin\AppData\Local\Temp\getradio.exe
"C:\Users\Admin\AppData\Local\Temp\getradio.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1016

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads