6cbc05ba4d535e8abc3ae0fe4ec4d9c0224539a81103ee8cb48237a0f4263c0a

Analysis

max time kernel
102s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 23:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6cbc05ba4d535e8abc3ae0fe4ec4d9c0224539a81103ee8cb48237a0f4263c0a.dll
Size

178KB
MD5

6ed713a246094f4d8ea1c9ba0c7bbc40
SHA1

b6aa123bfee4c50a3aa7201d35c20db4c9623dba
SHA256

6cbc05ba4d535e8abc3ae0fe4ec4d9c0224539a81103ee8cb48237a0f4263c0a
SHA512

c02a9779074b1b0b5bd4be8a12a6998c0298a8498b52710ac1aa37d83cfc6f0fedf741993749bc373703e964e9efdefbb1fb0990fef4563c146b66060483221f
SSDEEP

3072:2hp4iHlpDpjnZPDc6zWODdjPuVfn09jTHB/ero/s5Dobrg9XuNS:4p4IprZZZjW+9mhob0VL

Score

1^/10

Malware Config

Signatures

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6cbc05ba4d535e8abc3ae0fe4ec4d9c0224539a81103ee8cb48237a0f4263c0a.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e180344b-ac83-4483-959e-18a5c56a5e19}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e180344b-ac83-4483-959e-18a5c56a5e19}\ = "AudioVolumeMeter"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e180344b-ac83-4483-959e-18a5c56a5e19}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6cbc05ba4d535e8abc3ae0fe4ec4d9c0224539a81103ee8cb48237a0f4263c0a.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e180344b-ac83-4483-959e-18a5c56a5e19}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e180344b-ac83-4483-959e-18a5c56a5e19}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}\ = "XAudio2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6cbc05ba4d535e8abc3ae0fe4ec4d9c0224539a81103ee8cb48237a0f4263c0a.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}\ = "AudioReverb"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 3644	1512	regsvr32.exe	79
PID 1512 wrote to memory of 3644	1512	regsvr32.exe	79
PID 1512 wrote to memory of 3644	1512	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6cbc05ba4d535e8abc3ae0fe4ec4d9c0224539a81103ee8cb48237a0f4263c0a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6cbc05ba4d535e8abc3ae0fe4ec4d9c0224539a81103ee8cb48237a0f4263c0a.dll
  2⤵
  - Modifies registry class
  PID:3644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3644-133-0x00000000756B0000-0x000000007576B000-memory.dmp

Filesize
748KB

Download
memory/3644-134-0x00000000756B0000-0x000000007576B000-memory.dmp

Filesize
748KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads