06480955500c1c18166c2b4011a1cd4945d4ea058df071c0f4c355fb142cd080

Analysis

max time kernel
123s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06480955500c1c18166c2b4011a1cd4945d4ea058df071c0f4c355fb142cd080.dll
Size

75KB
MD5

7985a06536ad1e013475dfde55e4f5ee
SHA1

04ec4a7eb47af311cefa2235b49e945663f10f1d
SHA256

06480955500c1c18166c2b4011a1cd4945d4ea058df071c0f4c355fb142cd080
SHA512

5bb8276b1325250bfc2511aa100ee510a069d920e12a03217ab1486deb14ef70eff2ff43a2a45c4f931a70ebe90ac008bf6101f6b8aedfd78379009c597b86f3
SSDEEP

1536:IcsE2Z4WvwoZix8zCD317OPFC/FQGOC2qh912:YE2KawoZix8A31i9GeGOC2P

Score

1^/10

Malware Config

Signatures

Modifies registry class 48 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\TazebamaHook\ = "{79806449-AB35-42EC-9BE9-B390209CE514}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\ = "tazebama 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook\CurVer\ = "Tazebama.TazebamaHook.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\ = "ITazebamaHook"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\06480955500c1c18166c2b4011a1cd4945d4ea058df071c0f4c355fb142cd080.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\06480955500c1c18166c2b4011a1cd4945d4ea058df071c0f4c355fb142cd080.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook\CLSID\ = "{79806449-AB35-42EC-9BE9-B390209CE514}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\ProgID\ = "Tazebama.TazebamaHook.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\ = "ITazebamaHook"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook.1\CLSID\ = "{79806449-AB35-42EC-9BE9-B390209CE514}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\ = "TazebamaHook Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\TypeLib\ = "{7B154753-C2FF-45C9-974E-98E4D3914D9C}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\VersionIndependentProgID\ = "Tazebama.TazebamaHook"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\TazebamaHook	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook.1\ = "TazebamaHook Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook\ = "TazebamaHook Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\TypeLib\ = "{7B154753-C2FF-45C9-974E-98E4D3914D9C}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\TypeLib\ = "{7B154753-C2FF-45C9-974E-98E4D3914D9C}"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 4408	4644	regsvr32.exe	34
PID 4644 wrote to memory of 4408	4644	regsvr32.exe	34
PID 4644 wrote to memory of 4408	4644	regsvr32.exe	34

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\06480955500c1c18166c2b4011a1cd4945d4ea058df071c0f4c355fb142cd080.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\06480955500c1c18166c2b4011a1cd4945d4ea058df071c0f4c355fb142cd080.dll
  2⤵
  - Modifies registry class
  PID:4408

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads