56e90fa0c9237f29a721e2db57c3761713e88a743f0346f82a9e3a3d61b00a83

Analysis

max time kernel
165s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56e90fa0c9237f29a721e2db57c3761713e88a743f0346f82a9e3a3d61b00a83.dll
Size

145KB
MD5

4c4da4962b8c16ad5cdb4b5e54416bd7
SHA1

9a90e3f097555db05b75d1928144566229de0038
SHA256

56e90fa0c9237f29a721e2db57c3761713e88a743f0346f82a9e3a3d61b00a83
SHA512

a5558dff38b4b2ee9fb53df8820887ec02fdcda4086f6279bcb5ab24d30cc64abadee987fe93590622147bc7b002faf1e440c739bd2e4d5908b6cbd18cc6e5a3
SSDEEP

1536:FaIOH5jPMg5PJdGG9vq4Hfdm8852Nab1wDUVSb4HpKD18A872P1wVkCa08UviHvi:JOH5j+34UwNabKLeAdSkD0dv8FgZ

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}\TypeLib\ = "{9085F046-3A8B-4073-B76D-80B9E2A8860F}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}\TypeLib\ = "{9085F046-3A8B-4073-B76D-80B9E2A8860F}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}\ = "_DDvrInterVideoEvents"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DVRINTERVIDEO.DvrInterVideoCtrl.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9085F046-3A8B-4073-B76D-80B9E2A8860F}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9085F046-3A8B-4073-B76D-80B9E2A8860F}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9085F046-3A8B-4073-B76D-80B9E2A8860F}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}\ = "_DDvrInterVideo"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A1B3CEC-A505-49BB-806D-006690B8AA6B}\ = "DvrInterVideo Property Page"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}\ = "_DDvrInterVideo"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\MiscStatus\1\ = "131473"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9085F046-3A8B-4073-B76D-80B9E2A8860F}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\56e90fa0c9237f29a721e2db57c3761713e88a743f0346f82a9e3a3d61b00a83.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}\ = "_DDvrInterVideoEvents"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A1B3CEC-A505-49BB-806D-006690B8AA6B}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DVRINTERVIDEO.DvrInterVideoCtrl.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9085F046-3A8B-4073-B76D-80B9E2A8860F}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9085F046-3A8B-4073-B76D-80B9E2A8860F}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\Control	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\MiscStatus	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9085F046-3A8B-4073-B76D-80B9E2A8860F}\1.0\ = "DvrInterVideo ActiveX Control module"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}\TypeLib\ = "{9085F046-3A8B-4073-B76D-80B9E2A8860F}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DVRINTERVIDEO.DvrInterVideoCtrl.1\ = "DvrInterVideo Control"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\56E90F~1.DLL, 1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\TypeLib\ = "{9085F046-3A8B-4073-B76D-80B9E2A8860F}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9085F046-3A8B-4073-B76D-80B9E2A8860F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9085F046-3A8B-4073-B76D-80B9E2A8860F}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\ProgID\ = "DVRINTERVIDEO.DvrInterVideoCtrl.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\Control\	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}\TypeLib\ = "{9085F046-3A8B-4073-B76D-80B9E2A8860F}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\ToolboxBitmap32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A1B3CEC-A505-49BB-806D-006690B8AA6B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\56E90F~1.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9085F046-3A8B-4073-B76D-80B9E2A8860F}\1.0\FLAGS\ = "2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A1B3CEC-A505-49BB-806D-006690B8AA6B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DVRINTERVIDEO.DvrInterVideoCtrl.1\CLSID\ = "{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\ = "DvrInterVideo Control"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\56E90F~1.DLL"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\MiscStatus\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\MiscStatus\1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEE1B62-FEA0-4A50-B68E-F89AC675FE15}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9685FA84-46ED-480E-B36E-7043E6E496FE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5B66034D-79AC-4BA2-A4FD-AD7B391AC13D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 400	3040	regsvr32.exe	81
PID 3040 wrote to memory of 400	3040	regsvr32.exe	81
PID 3040 wrote to memory of 400	3040	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\56e90fa0c9237f29a721e2db57c3761713e88a743f0346f82a9e3a3d61b00a83.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\56e90fa0c9237f29a721e2db57c3761713e88a743f0346f82a9e3a3d61b00a83.dll
  2⤵
  - Modifies registry class
  PID:400

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads