Analysis
- max time kernel: 67s
- max time network: 237s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 20-04-2022 22:06
Behavioral tasks (task: sample, resource)
- behavioral1: Adobe-Photoshop-CC-2022-1.4-main/Adobe Photoshop.exe, win7-20220414-en
- behavioral2: Adobe-Photoshop-CC-2022-1.4-main/Adobe Photoshop.exe, win10v2004-20220414-en
- behavioral3: Adobe-Photoshop-CC-2022-1.4-main/packages/Resources/products/packages/Program Files (x86)/Microsoft.exe, win7-20220414-en
- behavioral4: Adobe-Photoshop-CC-2022-1.4-main/packages/Resources/products/packages/Program Files (x86)/Microsoft.exe, win10v2004-20220414-en
- behavioral5: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe, win7-20220414-en
- behavioral6: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe, win10v2004-20220414-en
- behavioral7: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe, win7-20220414-en
- behavioral8: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe, win10v2004-20220414-en
- behavioral9: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msolui110.dll, win7-20220414-en
- behavioral10: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msolui110.dll, win10v2004-20220414-en
- behavioral11: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv ? ?????.dll, win7-20220414-en
- behavioral12: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv ? ?????.dll, win10v2004-20220414-en
- behavioral13: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv.dll, win7-20220414-en
- behavioral14: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv.dll, win10v2004-20220414-en
- behavioral15: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/CompatProvider.dll, win7-20220414-en
- behavioral16: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/CompatProvider.dll, win10v2004-20220414-en
- behavioral17: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/DismCore.dll, win7-20220414-en
- behavioral18: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/DismCore.dll, win10v2004-20220414-en
- behavioral19: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/DismCorePS.dll, win7-20220414-en
- behavioral20: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/DismCorePS.dll, win10v2004-20220414-en
- behavioral21: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL Web Site.url, win7-20220414-en
- behavioral22: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL Web Site.url, win10v2004-20220414-en
- behavioral23: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL v2 Instruction Manual.pdf, win7-20220414-en
- behavioral24: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL v2 Instruction Manual.pdf, win10v2004-20220414-en
- behavioral25: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/a4apanel.exe, win7-20220414-en
- behavioral26: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/a4apanel.exe, win10v2004-20220414-en
- behavioral27: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/a4apanel64.exe, win7-20220414-en
- behavioral28: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/a4apanel64.exe, win10v2004-20220414-en
- behavioral29: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/asio4all.dll, win7-20220414-en
- behavioral30: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/asio4all.dll, win10v2004-20220414-en
- behavioral31: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/asio4all64.dll, win7-20220414-en
- behavioral32: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/asio4all64.dll, win10v2004-20220414-en
General
- Target: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/DismCore.dll
- Size: 363KB
- MD5: 79905089a5314275bf6ec460e51b90fa
- SHA1: ac866e2a717f935c5b0f9a2d03a0ba5853be1982
- SHA256: 70b3822c5eed203b66a732cc28a70f0d97041ba4b59782b01e6d764ee0a8e80f
- SHA512: 55ab86bbdfa0d8ad915c5f0d6c8ce5c49eb699fd305a94a974c996a2db6a3cc547ceac6ec737cb7f7ba71ab2805b9a18535ae3ddb582bd2c556958ddcbeeaeaa
Malware Config
Signatures
- Modifies registry class (64 IoCs)
Processes: