Overview
overview
8Static
static
82018051817...er.exe
windows7_x64
2018051817...er.exe
windows10_x64
GGLanguage_HTML.dll
windows7_x64
1GGLanguage_HTML.dll
windows10_x64
1atl100.dll
windows7_x64
1atl100.dll
windows10_x64
1iSignatureHTML.dll
windows7_x64
1iSignatureHTML.dll
windows10_x64
1iSignature...cx.dll
windows7_x64
1iSignature...cx.dll
windows10_x64
1msvcp100.dll
windows7_x64
3msvcp100.dll
windows10_x64
3msvcr100.dll
windows7_x64
3msvcr100.dll
windows10_x64
3CaLibraryPro.dll
windows7_x64
1CaLibraryPro.dll
windows10_x64
1GGLanguage.dll
windows7_x64
1GGLanguage.dll
windows10_x64
1GGLanguage_Pub.dll
windows7_x64
1GGLanguage_Pub.dll
windows10_x64
1GdiPlus.dll
windows7_x64
3GdiPlus.dll
windows10_x64
3GoldGridPublic.dll
windows7_x64
1GoldGridPublic.dll
windows10_x64
1KG_Crypt_API.dll
windows7_x64
1KG_Crypt_API.dll
windows10_x64
1KG_Crypt_COM_API.dll
windows7_x64
1KG_Crypt_COM_API.dll
windows10_x64
1KG_LicEnc.dll
windows7_x64
3KG_LicEnc.dll
windows10_x64
3MakeSignature.exe
windows7_x64
3MakeSignature.exe
windows10_x64
3Analysis
-
max time kernel
3s -
max time network
49s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
30-07-2021 09:06
Static task
static1
Behavioral task
behavioral1
Sample
20180518171910472/CAǩ��������/iSignatureǩ������/Installer.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral2
Sample
20180518171910472/CAǩ��������/iSignatureǩ������/Installer.exe
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral3
Sample
GGLanguage_HTML.dll
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral4
Sample
GGLanguage_HTML.dll
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral5
Sample
atl100.dll
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral6
Sample
atl100.dll
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral7
Sample
iSignatureHTML.dll
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral8
Sample
iSignatureHTML.dll
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral9
Sample
iSignatureHTMLAddin.ocx.dll
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral10
Sample
iSignatureHTMLAddin.ocx.dll
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral11
Sample
msvcp100.dll
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral12
Sample
msvcp100.dll
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral13
Sample
msvcr100.dll
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral14
Sample
msvcr100.dll
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral15
Sample
CaLibraryPro.dll
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral16
Sample
CaLibraryPro.dll
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral17
Sample
GGLanguage.dll
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral18
Sample
GGLanguage.dll
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral19
Sample
GGLanguage_Pub.dll
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral20
Sample
GGLanguage_Pub.dll
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral21
Sample
GdiPlus.dll
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral22
Sample
GdiPlus.dll
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral23
Sample
GoldGridPublic.dll
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral24
Sample
GoldGridPublic.dll
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral25
Sample
KG_Crypt_API.dll
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral26
Sample
KG_Crypt_API.dll
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral27
Sample
KG_Crypt_COM_API.dll
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral28
Sample
KG_Crypt_COM_API.dll
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral29
Sample
KG_LicEnc.dll
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral30
Sample
KG_LicEnc.dll
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral31
Sample
MakeSignature.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral32
Sample
MakeSignature.exe
Resource
win10v20210410
windows10_x64
General
-
Target
CaLibraryPro.dll
-
Size
292KB
-
MD5
6f06fe635505abb6811885210c10b1bf
-
SHA1
62d5a79c575e8a12bbf6cc60999d172edf774368
-
SHA256
0318676264b86a477e3404ef0a09ce418768d8f893f6ccc44dbe072afe057ecd
-
SHA512
9eb256d0dee801e29d6097b5d15fdd55d15e76b44dfc52c3587a7b3bce709b319125e0ae34eb99f3284884ccc243add9a878fefa0f31a9de6f2f1d2a0fdadc1d
Malware Config
Signatures
-
Modifies registry class 64 IoCs
Processes:
regsvr32.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33D58D22-F0F4-475F-A7F3-59C8016BB56A}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}\1.0\HELPDIR regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33D58D22-F0F4-475F-A7F3-59C8016BB56A} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CALibraryPro.CertificateInfo.1\CLSID\ = "{6EF8218C-BA23-421E-8BDA-B101FC829C53}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CALibraryPro.CertificateInfo\CurVer regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CaLibraryPro.dll, 106" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CaLibraryPro.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\AppID = "{7C3E0587-4C95-4D48-804C-6D9F2410C759}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CALibraryPro.CertificateInfo.1\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CALibraryPro.CertificateInfo\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\Programmable regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CALibraryPro.CertificateInfo regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}\1.0\FLAGS\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33D58D22-F0F4-475F-A7F3-59C8016BB56A}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\ToolboxBitmap32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\MiscStatus\ = "0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CALibraryPro.CertificateInfo\CLSID\ = "{6EF8218C-BA23-421E-8BDA-B101FC829C53}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{33D58D22-F0F4-475F-A7F3-59C8016BB56A}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{33D58D22-F0F4-475F-A7F3-59C8016BB56A}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{33D58D22-F0F4-475F-A7F3-59C8016BB56A}\TypeLib\Version = "1.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\ = "CertificateInfo Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\MiscStatus\1 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CALibraryPro.CertificateInfo\ = "CertificateInfo Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\TypeLib\ = "{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}\1.0\ = "CALibraryProLib" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440}\ = "_ICertificateInfoEvents" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33D58D22-F0F4-475F-A7F3-59C8016BB56A}\TypeLib\ = "{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{33D58D22-F0F4-475F-A7F3-59C8016BB56A} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CALibraryPro.CertificateInfo.1\ = "CertificateInfo Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CALibraryPro.CertificateInfo\CurVer\ = "CALibraryPro.CertificateInfo.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\MiscStatus\1\ = "131473" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\ProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\VersionIndependentProgID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CaLibraryPro.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440}\ = "_ICertificateInfoEvents" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\Version\ = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}\1.0\0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}\1.0\0\win32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440}\TypeLib\ = "{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\Control regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\MiscStatus regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\Version regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440}\TypeLib\ = "{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\ProgID\ = "CALibraryPro.CertificateInfo.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}\1.0\FLAGS regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CALibraryPro.CertificateInfo.1 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01945DE4-FA63-4DCA-8182-B3DE09D2D440}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33D58D22-F0F4-475F-A7F3-59C8016BB56A}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{33D58D22-F0F4-475F-A7F3-59C8016BB56A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{33D58D22-F0F4-475F-A7F3-59C8016BB56A}\TypeLib\ = "{D60ACE81-78F1-42D8-A8B1-3E3BD3761AFB}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EF8218C-BA23-421E-8BDA-B101FC829C53}\TypeLib regsvr32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
regsvr32.exedescription pid process target process PID 1672 wrote to memory of 1208 1672 regsvr32.exe regsvr32.exe PID 1672 wrote to memory of 1208 1672 regsvr32.exe regsvr32.exe PID 1672 wrote to memory of 1208 1672 regsvr32.exe regsvr32.exe PID 1672 wrote to memory of 1208 1672 regsvr32.exe regsvr32.exe PID 1672 wrote to memory of 1208 1672 regsvr32.exe regsvr32.exe PID 1672 wrote to memory of 1208 1672 regsvr32.exe regsvr32.exe PID 1672 wrote to memory of 1208 1672 regsvr32.exe regsvr32.exe