2275cb81293ebb4563cf0d159b37a772482ece0acb26aa7fdfae5a9271325d7b

Analysis

max time kernel
138s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2275cb81293ebb4563cf0d159b37a772482ece0acb26aa7fdfae5a9271325d7b.dll
Size

449KB
MD5

8024ab604730c1eda632a027978ed407
SHA1

deda85e79367820050f90862390eb4c2d9a48cff
SHA256

2275cb81293ebb4563cf0d159b37a772482ece0acb26aa7fdfae5a9271325d7b
SHA512

7f136e371cbcedf1e973c6abef8c256086c9fd8927ea3fd3b8b94048735f0f09c355cae0ad82c96db9e2d05e476538d649f525e1d587a87c3463487b305da75f
SSDEEP

12288:RAG6fQKOclHZyl+L5QCaHG0wS7yi9RyhFgtanOEw8+g:RIfxHZygLyCamfSuiTIFgUr+g

Score

1^/10

Malware Config

Signatures

Modifies registry class 32 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}\1.0\0\win32\ = "C:\\Windows\\SysWOW64\\EditionUpgradeHelper.dll"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\VersionIndependentProgID\	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\InprocServer32\ = "C:\\Windows\\SysWOW64\\msvidctl.dll"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\ProgID	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\ProgID\ = "MSVidCtl.MSEventBinder.1"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}\1.0	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}\1.0\0\win32\	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\Programmable	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}\1.0\ = "EditionUpgradeHelper 1.0 Type Library"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}\1.0\0\win64	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\ProgID\	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}\1.0\0\win64\ = "C:\\Windows\\SysWow64\\EditionUpgradeHelper.dll"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\TypeLib\	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\VersionIndependentProgID	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\InprocServer32\	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}\	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}\1.0\	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\TypeLib	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\TypeLib\ = "{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\ = "Owita.Ajodabi.Ixafo object"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\InprocServer32	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}\1.0\0\win64\	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\Version	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\Version\	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\VersionIndependentProgID\ = "MSVidCtl.MSEventBinder"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}\1.0\0\	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}\1.0\0\win32	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\Version\ = "1.0"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C17628-A93C-42F3-3B84-F27434192B64}\Programmable\	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BD4A9806-19A6-19DB-419D-9B9E27AEB5A0}\1.0\0	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 3056	1976	rundll32.exe	83
PID 1976 wrote to memory of 3056	1976	rundll32.exe	83
PID 1976 wrote to memory of 3056	1976	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2275cb81293ebb4563cf0d159b37a772482ece0acb26aa7fdfae5a9271325d7b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2275cb81293ebb4563cf0d159b37a772482ece0acb26aa7fdfae5a9271325d7b.dll,#1
  2⤵
  - Modifies registry class
  PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3056-133-0x0000000010000000-0x00000000101CF000-memory.dmp

Filesize
1.8MB

Download
memory/3056-134-0x0000000002850000-0x00000000028A4000-memory.dmp

Filesize
336KB

Download
memory/3056-135-0x0000000002850000-0x00000000028A4000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads