Analysis
max time kernel: 75s
max time network: 183s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 20-04-2022 22:06
Behavioral tasks
Task | Sample | Resource
behavioral1 | Adobe-Photoshop-CC-2022-1.4-main/Adobe Photoshop.exe | win7-20220414-en
behavioral2 | Adobe-Photoshop-CC-2022-1.4-main/Adobe Photoshop.exe | win10v2004-20220414-en
behavioral3 | Adobe-Photoshop-CC-2022-1.4-main/packages/Resources/products/packages/Program Files (x86)/Microsoft.exe | win7-20220414-en
behavioral4 | Adobe-Photoshop-CC-2022-1.4-main/packages/Resources/products/packages/Program Files (x86)/Microsoft.exe | win10v2004-20220414-en
behavioral5 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe | win7-20220414-en
behavioral6 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe | win10v2004-20220414-en
behavioral7 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe | win7-20220414-en
behavioral8 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe | win10v2004-20220414-en
behavioral9 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msolui110.dll | win7-20220414-en
behavioral10 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msolui110.dll | win10v2004-20220414-en
behavioral11 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv ? ?????.dll | win7-20220414-en
behavioral12 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv ? ?????.dll | win10v2004-20220414-en
behavioral13 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv.dll | win7-20220414-en
behavioral14 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv.dll | win10v2004-20220414-en
behavioral15 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/CompatProvider.dll | win7-20220414-en
behavioral16 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/CompatProvider.dll | win10v2004-20220414-en
behavioral17 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/DismCore.dll | win7-20220414-en
behavioral18 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/DismCore.dll | win10v2004-20220414-en
behavioral19 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/DismCorePS.dll | win7-20220414-en
behavioral20 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/DismCorePS.dll | win10v2004-20220414-en
behavioral21 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL Web Site.url | win7-20220414-en
behavioral22 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL Web Site.url | win10v2004-20220414-en
behavioral23 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL v2 Instruction Manual.pdf | win7-20220414-en
behavioral24 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL v2 Instruction Manual.pdf | win10v2004-20220414-en
behavioral25 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/a4apanel.exe | win7-20220414-en
behavioral26 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/a4apanel.exe | win10v2004-20220414-en
behavioral27 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/a4apanel64.exe | win7-20220414-en
behavioral28 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/a4apanel64.exe | win10v2004-20220414-en
behavioral29 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/asio4all.dll | win7-20220414-en
behavioral30 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/asio4all.dll | win10v2004-20220414-en
behavioral31 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/asio4all64.dll | win7-20220414-en
behavioral32 | Adobe-Photoshop-CC-2022-1.4-main/packages/packages/Program Files (x86)/ASIO4ALL v2/asio4all64.dll | win10v2004-20220414-en
General
Target: Adobe-Photoshop-CC-2022-1.4-main/packages/packages/DismCorePS.dll
Size: 151KB
MD5: b660794b7cfdc709e2e7f5f6ae2da336
SHA1: aad485e91300bdfe2692623690e8a6b4f72caa7e
SHA256: c9028ee0dda7e53254db71472b3cef96e13931d97a1ae2919446c4b946cbc22d
SHA512: e68ca373ff4b363368f4fe61dbe939cafcd4e2cc675d5babb937948593fb0527340da63d5b2617659af5fe04ed99174be42ffbf6142a8986266fdadf99d46d00
Malware Config
Signatures
Registers COM server for autorun (1 TTPs)
Modifies registry class (64 IoCs)
Processes: regsvr32.exe