5586c5e1a139fffc4c11136a6d371a6173f363a46ee9f2b46e8fb9e7df363b74

Analysis

max time kernel
73s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2022 08:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

printerfix/win7/win32spl.dll
Size

743KB
MD5

6fc904493f366f0a10d6cd03a8c4b933
SHA1

c8cac1aa85ac7417ea64d3ad77b7c13ebc02f1f4
SHA256

81be67de5cbff88e8b950fc28a786dc64c8de80e9aba4438432ab9f1776af1aa
SHA512

ab438ed0b4c87825b0219050185892fbc1831c3343ef6bb03276fa02615b0e9ea8adb844a5f5fd617ba62560d99fc325246ad29c3e774840342f814c9a0dbfb7
SSDEEP

6144:lCwDdWRKFexLic4IV1510RfjkEsZzBKfa/1UodGcSuZ1OkZ5TGTri4NTYYZP+E5V:wwD4KFeBijIDSfjkVrUodJ3Z529v3E6

Score

8^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

regsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\printerfix\\win7\\win32spl.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\InprocServer32	regsvr32.exe

Modifies registry class 29 IoCs

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ClientSideRenderingCacheManager.ClientSideRenderingCacheManage.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{052A1799-2BD5-4ED6-A254-8E850C48F41A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\TypeLib\ = "{052A1799-2BD5-4ED6-A254-8E850C48F41A}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\ = "Client Side Rendering Cache Manager"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ClientSideRenderingCacheManager.ClientSideRenderingCacheManage.1\ = "Client Side Rendering Cache Manager"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ClientSideRenderingCacheManager.ClientSideRenderingCacheManage.1\CLSID\ = "{36DC67DC-D792-49B7-BC53-BE67D4D86493}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{052A1799-2BD5-4ED6-A254-8E850C48F41A}\1.0\ = "csrspl 1.0 Cache Manager Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{052A1799-2BD5-4ED6-A254-8E850C48F41A}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\printerfix\\win7\\win32spl.dll\\2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ClientSideRenderingCacheManager.ClientSideRenderingCacheManager\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{052A1799-2BD5-4ED6-A254-8E850C48F41A}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{052A1799-2BD5-4ED6-A254-8E850C48F41A}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\VersionIndependentProgID\ = "ClientSideRenderingCacheManager.ClientSideRenderingCacheManager"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ClientSideRenderingCacheManager.ClientSideRenderingCacheManager	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ClientSideRenderingCacheManager.ClientSideRenderingCacheManage.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{052A1799-2BD5-4ED6-A254-8E850C48F41A}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{052A1799-2BD5-4ED6-A254-8E850C48F41A}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\ProgID\ = "ClientSideRenderingCacheManager.ClientSideRenderingCacheManage.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{052A1799-2BD5-4ED6-A254-8E850C48F41A}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\printerfix\\win7\\win32spl.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ClientSideRenderingCacheManager.ClientSideRenderingCacheManager\CLSID\ = "{36DC67DC-D792-49B7-BC53-BE67D4D86493}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36DC67DC-D792-49B7-BC53-BE67D4D86493}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ClientSideRenderingCacheManager.ClientSideRenderingCacheManager\ = "Client Side Rendering Cache Manager"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{052A1799-2BD5-4ED6-A254-8E850C48F41A}\1.0\0\win64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{052A1799-2BD5-4ED6-A254-8E850C48F41A}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\printerfix\\win7"	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\printerfix\win7\win32spl.dll
1⤵
- Registers COM server for autorun
- Modifies registry class
PID:2248

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads