3a3ccd72e07241dc8037fa38626058f25767f9f7a78ee68a372632841004ee79

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 03:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

DBFManager.exe
Size

1.4MB
MD5

1c049946735089036f664e195c384bdc
SHA1

51be44344e0649281585b8f7182a2bda5cedcba4
SHA256

f58001de63539de3ccee1f17ae5960c2c3eb382f590ef264cca7885271a96aef
SHA512

1c0f27408268ed5750fa93d7a80c48af64acd4139f78880ebde839fe38ab47578475070d3956921abdc9ed4deda2af8c3ce7e8ca7575689e017791465bc324f5
SSDEEP

24576:n3TlQecqWNtXw9vBw517N8MocQqpKp68HRXYA6TmnQEPY1478eADQloZytIfN8:nfcVNt4W5H1f46oRIibQm787DQztI18

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 36 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\InprocServer32\	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\FLAGS	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\Version	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\VersionIndependentProgID\	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\ProgID\ = "TpcCom.TabletManager.1"	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\0\win64\	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\HELPDIR\ = "%CommonProgramFiles%\\System\\msadc"	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\TypeLib\	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\InprocServer32	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\HELPDIR	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\ = "Odijarqev Ojensiq Iwagalog class"	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\Version\ = "1.5"	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\VersionIndependentProgID	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\0\win32\	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\FLAGS\	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\TypeLib	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\TypeLib\ = "{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}"	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\Version\	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\HELPDIR\	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\VersionIndependentProgID\ = "TpcCom.TabletManager"	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\ProgID\	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\ = "Microsoft Remote Data Services 6.0 Library"	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\0	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\0\win64	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\FLAGS\ = "0"	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\InprocServer32\ = "%CommonProgramFiles%\\Microsoft Shared\\Ink\\InkObj.dll"	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\0\win32	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\0\win32\ = "C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadco.dll"	DBFManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67510F51-B915-4689-FAB2-FD62BE45B485}\ProgID	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\0\	DBFManager.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37C193C0-D315-A3C7-EBB6-9415D8AAFABD}\1.5\0\win64\ = "C:\\Program Files\\Common Files\\System\\msadc\\msadco.dll"	DBFManager.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3320	DBFManager.exe
3320	DBFManager.exe
3320	DBFManager.exe
3320	DBFManager.exe

C:\Users\Admin\AppData\Local\Temp\DBFManager.exe
"C:\Users\Admin\AppData\Local\Temp\DBFManager.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3320-0-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/3320-1-0x0000000002640000-0x000000000268C000-memory.dmp

Filesize
304KB

Download
memory/3320-2-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/3320-9-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-8-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/3320-7-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/3320-6-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/3320-5-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/3320-4-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/3320-3-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/3320-61-0x00000000028D0000-0x00000000028D1000-memory.dmp

Filesize
4KB

Download
memory/3320-72-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-71-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-70-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download
memory/3320-69-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-68-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-67-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-66-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-65-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-64-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-63-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/3320-62-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-60-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/3320-59-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/3320-58-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/3320-57-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/3320-56-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-55-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/3320-54-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-53-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/3320-52-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-51-0x0000000002870000-0x0000000002871000-memory.dmp

Filesize
4KB

Download
memory/3320-50-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/3320-49-0x0000000002800000-0x0000000002801000-memory.dmp

Filesize
4KB

Download
memory/3320-48-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3320-47-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/3320-46-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-45-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-44-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-43-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-42-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-41-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-40-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-39-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-38-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-37-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-36-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-35-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-34-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-33-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-32-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-31-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-30-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-29-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-28-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-27-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-26-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-25-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-24-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-23-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-22-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-21-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-20-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-19-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-18-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-17-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-16-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3320-15-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-14-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-13-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-12-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-11-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-10-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/3320-73-0x0000000002DB0000-0x0000000002DB2000-memory.dmp

Filesize
8KB

Download
memory/3320-75-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/3320-74-0x0000000000880000-0x0000000000881000-memory.dmp

Filesize
4KB

Download
memory/3320-76-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/3320-77-0x0000000002640000-0x000000000268C000-memory.dmp

Filesize
304KB

Download
memory/3320-78-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3320-80-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download