PowerLoaderV2 Malware Analysis

Sheri_s.k
3 min read · Jun 22, 2021

Basic Behavioral Analysis

  • First, I'll use Process Monitor to capture the process activity generated by the malware.
[Figure: Registry 1 (Process Monitor registry events)]
  • From the figure, whenever the Result is NAME NOT FOUND, the Operation is always RegQueryValue. We can deduce that it is checking whether particular registry keys exist, which implies it verifies some dependencies before performing its next action.
  • It sets AppCompatFlags, a registry key used when a file wants to make itself compatible with different versions of the operating system. It also sets Shell Folders, which is used to set the default location of some file types.
  • The registry changes alone don't reveal much, but the file queries many things and also tries to add a WMI security key.
  • It tries to RegOpenKey its own path, but fails to do so.

From the registry analysis, we can understand that it requires some registry keys in order to work; hence it queries for them, sets some values, and opens its execution path.

  • From the file logs, it appears to create a logs123.txt file. Opening that directory confirms that the following files were created:
logs123.txt
PowerLoader.pf
  • Using API Monitor, I was able to understand its persistence mechanism.

With this behavioral picture of how the sample operates, we can now dig deeper with static code analysis, using these observations to guide it.
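The reasoning above (NAME NOT FOUND results on RegQueryValue/RegOpenKey as dependency probes, writes under AppCompatFlags, Shell Folders and WBEM, and the created files) can be applied to a Process Monitor CSV export automatically. The script below is an added example, not part of the original post; the sample rows are constructed in the layout of a Procmon CSV export, and the registry paths and values in them are illustrative, not observations from the sample.

```python
import csv
import io
from collections import Counter

# Constructed sample in the column layout of a Process Monitor CSV export
# (File > Save > CSV). Paths, values and PIDs are illustrative only.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0000001","PowerLoader.exe","1234","RegOpenKey","HKCU\\Software\\Vendor\\App","NAME NOT FOUND","Desired Access: Read"
"10:00:01.0000002","PowerLoader.exe","1234","RegQueryValue","HKCU\\Software\\Vendor\\App\\Installed","NAME NOT FOUND","Length: 144"
"10:00:01.0000003","PowerLoader.exe","1234","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\CurrentVersion","SUCCESS","Type: REG_SZ, Length: 8, Data: 6.1"
"10:00:01.0000004","PowerLoader.exe","1234","RegSetValue","HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Layers\\C:\\Users\\lab\\PowerLoader.exe","SUCCESS","Type: REG_SZ, Length: 16, Data: WIN7RTM"
"10:00:01.0000005","PowerLoader.exe","1234","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Startup","SUCCESS","Type: REG_SZ, Length: 40, Data: C:\\Users\\lab\\staging"
"10:00:01.0000006","PowerLoader.exe","1234","CreateFile","C:\\Users\\lab\\logs123.txt","SUCCESS","Desired Access: Generic Write"
"10:00:01.0000007","explorer.exe","800","RegQueryValue","HKCU\\Software\\Foo","NAME NOT FOUND","Length: 12"
"""

# Registry areas the post singles out: app-compat shims, shell folder
# redirection and WMI (WBEM) configuration.
WATCHED = ("AppCompatFlags", "Shell Folders", "WBEM")


def triage(csv_text, process):
    """Summarise one process's registry probes, sensitive registry writes
    and files it opened for writing from a Procmon CSV export."""
    probes, writes, files = Counter(), [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process.lower():
            continue
        op, path, result = row["Operation"], row["Path"], row["Result"]
        # Existence checks: open/query of a key or value that is not there.
        if op in ("RegOpenKey", "RegQueryValue") and result == "NAME NOT FOUND":
            probes[path] += 1
        # Writes into the areas the analysis flagged as behaviourally relevant.
        elif op == "RegSetValue" and any(w.lower() in path.lower() for w in WATCHED):
            writes.append((path, row["Detail"]))
        # Files the process created or opened with write access.
        elif op == "CreateFile" and result == "SUCCESS" and "Generic Write" in row["Detail"]:
            files.append(path)
    return {"probes": probes, "writes": writes, "files": files}


if __name__ == "__main__":
    summary = triage(SAMPLE_CSV, "PowerLoader.exe")
    print("Keys/values probed but missing:", dict(summary["probes"]))
    print("Sensitive registry writes:", summary["writes"])
    print("Files written:", summary["files"])
```

To run it against a real capture, read the CSV saved from Procmon into `csv_text` and pass the sample's process name; the same three buckets then give the dependency checks, persistence-relevant writes and dropped files to look at first.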
