282916b8562a47a529427fa5858602ad5964a4ec09088d90ec617ca489101788

Analysis

max time kernel
103s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 19:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

282916b8562a47a529427fa5858602ad5964a4ec09088d90ec617ca489101788.dll
Size

75KB
MD5

577758348c97b3c3d9696ed8cabcb040
SHA1

57d3c58548f716d8aaed0233622075c016ba572c
SHA256

282916b8562a47a529427fa5858602ad5964a4ec09088d90ec617ca489101788
SHA512

230a00b669dee54d9c60c884217676616667307ec7ab585229e08e27509d3bc0647176ada99f86f1043370da60826248f5ff0adf516c5017982e9bd02aec884d
SSDEEP

1536:IcsE2Z4WvwoZiSNwnURTnikJ81x2HgsUQBTUA4sX:YE2KawoZiTmTnikJMYJ5Ud8

Score

1^/10

Malware Config

Signatures

Modifies registry class 48 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\ = "tazebama 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\ = "TazebamaHook Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\TypeLib\ = "{7B154753-C2FF-45C9-974E-98E4D3914D9C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\ = "ITazebamaHook"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook.1\ = "TazebamaHook Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook.1\CLSID\ = "{79806449-AB35-42EC-9BE9-B390209CE514}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\ = "ITazebamaHook"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\282916b8562a47a529427fa5858602ad5964a4ec09088d90ec617ca489101788.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook\ = "TazebamaHook Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\TypeLib\ = "{7B154753-C2FF-45C9-974E-98E4D3914D9C}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\TypeLib\ = "{7B154753-C2FF-45C9-974E-98E4D3914D9C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook\CLSID\ = "{79806449-AB35-42EC-9BE9-B390209CE514}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\282916b8562a47a529427fa5858602ad5964a4ec09088d90ec617ca489101788.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\TazebamaHook\ = "{79806449-AB35-42EC-9BE9-B390209CE514}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B154753-C2FF-45C9-974E-98E4D3914D9C}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A198FC3-51AA-4403-B281-168F86D9053A}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\TazebamaHook	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\ProgID\ = "Tazebama.TazebamaHook.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\VersionIndependentProgID\ = "Tazebama.TazebamaHook"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79806449-AB35-42EC-9BE9-B390209CE514}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tazebama.TazebamaHook\CurVer\ = "Tazebama.TazebamaHook.1"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 4628	2656	regsvr32.exe	79
PID 2656 wrote to memory of 4628	2656	regsvr32.exe	79
PID 2656 wrote to memory of 4628	2656	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\282916b8562a47a529427fa5858602ad5964a4ec09088d90ec617ca489101788.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\282916b8562a47a529427fa5858602ad5964a4ec09088d90ec617ca489101788.dll
  2⤵
  - Modifies registry class
  PID:4628

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads