d55c0bf9af879cfd936cd99af855577cf7d43fa10cda5e21a62e5ac443f9a9f4

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d55c0bf9af879cfd936cd99af855577cf7d43fa10cda5e21a62e5ac443f9a9f4.dll
Size

616KB
MD5

f1d8fc682b76386902c724d3828d2f70
SHA1

8294e4dc50e35aac89a713eec5255e7130c34108
SHA256

d55c0bf9af879cfd936cd99af855577cf7d43fa10cda5e21a62e5ac443f9a9f4
SHA512

6ec2a3537fc0e7afa674badba3eb95682e2012c91ad41b773987a1aaeb609dcd92898dad8f6c108678ed3b3278d4aa3f69c3b61ded1ec250fc2eddfc6da5fcfc
SSDEEP

12288:dS8KCwFI9bmkNdrzDoV7ZJDBmBmYXTOg+bs30ZefH0:M8P5zD+ZVBmB7yg+Q30ZefH0

Score

8^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

regsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d55c0bf9af879cfd936cd99af855577cf7d43fa10cda5e21a62e5ac443f9a9f4.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32	regsvr32.exe

Modifies registry class 14 IoCs

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\DriveMask = "255"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d55c0bf9af879cfd936cd99af855577cf7d43fa10cda5e21a62e5ac443f9a9f4.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d55c0bf9af879cfd936cd99af855577cf7d43fa10cda5e21a62e5ac443f9a9f4.IA-32.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d55c0bf9af879cfd936cd99af855577cf7d43fa10cda5e21a62e5ac443f9a9f4.dll
1⤵
- Registers COM server for autorun
- Modifies registry class
PID:4876

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads