Analysis

  • max time kernel
    43s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220331-en
  • submitted
    12-04-2022 02:28

General

  • Target

    0c3999d16bef72e7aacaa54d69826211e1afd6f9244a4d3cd7b770e9e99db927.dll

  • Size

    60KB

  • MD5

    409703046fb842601ea843829af0f41a

  • SHA1

    087e2af794c022b1cfa1dbe4a99baf16ead81bd1

  • SHA256

    0c3999d16bef72e7aacaa54d69826211e1afd6f9244a4d3cd7b770e9e99db927

  • SHA512

    237bf24534609add9b77d5f968fb23b5161d2075b6b2e482159c3a51e792e60fc6e34328c8a0520bc3408a2de2792e8e15eeaeba8c7886d2d338a06a185fc262

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 60 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0c3999d16bef72e7aacaa54d69826211e1afd6f9244a4d3cd7b770e9e99db927.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1220
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\0c3999d16bef72e7aacaa54d69826211e1afd6f9244a4d3cd7b770e9e99db927.dll
      2⤵
      • Modifies registry class
      PID:1980

Network

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Browser Extensions

1
T1176

Defense Evasion

Modify Registry

1
T1112

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1220-54-0x000007FEFBD51000-0x000007FEFBD53000-memory.dmp
    Filesize

    8KB

  • memory/1980-55-0x0000000000000000-mapping.dmp
  • memory/1980-56-0x0000000075901000-0x0000000075903000-memory.dmp
    Filesize

    8KB