Analysis
- max time kernel: 98s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20/10/2022, 23:14
Static task: static1
Behavioral task: behavioral1
  - Sample: c8f6145cc5e50e08f1b0396dd6affd351a206128a37e298755a23b6293ceb051.dll
  - Resource: win7-20220812-en
Behavioral task: behavioral2
  - Sample: c8f6145cc5e50e08f1b0396dd6affd351a206128a37e298755a23b6293ceb051.dll
  - Resource: win10v2004-20220812-en
General
- Target: c8f6145cc5e50e08f1b0396dd6affd351a206128a37e298755a23b6293ceb051.dll
- Size: 227KB
- MD5: 5a80b46a2a39b6971787ec5a488db79c
- SHA1: 1ad71ce102c25be5e557b298c9d34824ce14142b
- SHA256: c8f6145cc5e50e08f1b0396dd6affd351a206128a37e298755a23b6293ceb051
- SHA512: e7d2398e77966a69490013425f7b38a9d2435f140c2538ce6012e31030e9913249742b53debaf00cfe41d3eae30cb90adf727b58c7bacd4ce28d33dd48a38cc0
- SSDEEP: 3072:XPsGKqWyyGZm81KhoXI1m4WGAs0cxWoHeECcWkTkHZUlMpoC7rjPlH6y:Ezqpyi1K8I3WuWVmA6kfnP9
Malware Config
Signatures
- Modifies registry class (26 IoCs)
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       | pid  | Process      | procid_target
  PID 4944 wrote to memory of 4856  | 4944 | regsvr32.exe | 82
  PID 4944 wrote to memory of 4856  | 4944 | regsvr32.exe | 82
  PID 4944 wrote to memory of 4856  | 4944 | regsvr32.exe | 82
Processes
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c8f6145cc5e50e08f1b0396dd6affd351a206128a37e298755a23b6293ceb051.dll
  - Suspicious use of WriteProcessMemory
  - PID: 4944
  - C:\Windows\SysWOW64\regsvr32.exe
    Command line: /s C:\Users\Admin\AppData\Local\Temp\c8f6145cc5e50e08f1b0396dd6affd351a206128a37e298755a23b6293ceb051.dll
    - Modifies registry class
    - PID: 4856