Analysis

  • max time kernel
    149s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    01-02-2022 09:57

General

  • Target

    82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e.dll

  • Size

    56KB

  • MD5

    0ad9430dd3f572de8cd0ca5a8abc37c0

  • SHA1

    fbb27806ed07da6acf8703494acc1da93aac08b9

  • SHA256

    82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e

  • SHA512

    6c6fda252eb50a62c79c73b20daaa13ef77325980eef1971fa7d2b6e0c303eee59346f63908377f3d3d921a8a22682b11016d628d695bb148a7a05109ff4db62

Score
8/10

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs
  • Modifies data under HKEY_USERS 41 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e.dll
      2⤵
        PID:1884
    • C:\Windows\System32\WaaSMedicAgent.exe
      C:\Windows\System32\WaaSMedicAgent.exe 3c57325c476be21879f76f8fc1abdf2a Z0ba7Q1OAEyu1wgVw9aMDg.0.1.0.0.0
      1⤵
      • Modifies data under HKEY_USERS
      PID:3492

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Persistence

    Registry Run Keys / Startup Folder

    1
    T1060

    Defense Evasion

    Modify Registry

    1
    T1112

    Replay Monitor

    Loading Replay Monitor...

    Downloads