7aa8ccc46fc67019863031bbb1e7029267d92017f93d0386a6d29a8a495cbbe4

Analysis

max time kernel
10s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7aa8ccc46fc67019863031bbb1e7029267d92017f93d0386a6d29a8a495cbbe4.dll
Size

196KB
MD5

e73792847f2bbb41e79cd31afd20926e
SHA1

302a6a15856bac9637a2f620ea1c847f59850d0b
SHA256

7aa8ccc46fc67019863031bbb1e7029267d92017f93d0386a6d29a8a495cbbe4
SHA512

8baf6cc735e9e3c222b31cc25bc8155f21af2b38380dfe6f91e94b72bc3a164e8c269223954a128afb6901bf6d91949c55c898ed890f8febd5ea6b382f405835
SSDEEP

1536:v0mlkRI3qSyStmz4ljnrofEOudeGWKaU0nppvLDRO15Wt6ZZyv58zQCRJWv+2WFl:vHkRTSyStmc3+1U0npxHOROpkeD

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76EED002-271B-44F0-B57C-FF8540C2B74C}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD37CE70-DA4A-4EF0-905E-4436D5D5DB4C}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B5BE835-1487-42EA-A72A-8EF629C20A4D}\TypeLib\Version = "2.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E4A4E112-DACB-4DEF-8E8A-972D88089833}\Implemented Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5BEECFBB-3CDC-4E6B-94A0-CF8123DD22DB}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5BEECFBB-3CDC-4E6B-94A0-CF8123DD22DB}\TypeLib\Version = "2.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5BEECFBB-3CDC-4E6B-94A0-CF8123DD22DB}\TypeLib\ = "{77EBD0B1-871A-4AD1-951A-26AEFE783111}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vbalExplorerBarLib6.vbalExplorerBarCtl\Clsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E7A832C2-3E2F-40D0-B2D1-70F2366F2FDA}\ProxyStubClsid	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E4A4E112-DACB-4DEF-8E8A-972D88089833}\VERSION\ = "2.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B5BE835-1487-42EA-A72A-8EF629C20A4D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8B5BE835-1487-42EA-A72A-8EF629C20A4D}\ = "pcExplorerBarItem"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{628DFC17-BEEF-486E-BDC5-E04B484FD8A6}\ = "cExplorerBarItems"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD37CE70-DA4A-4EF0-905E-4436D5D5DB4C}\ProxyStubClsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DEE14ED7-9862-4599-A7A5-33106E5B66CD}\VERSION	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0621CF6B-B4C3-46B3-9EB1-CFE78D8FE0E7}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7aa8ccc46fc67019863031bbb1e7029267d92017f93d0386a6d29a8a495cbbe4.dll, 30000"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4A8E13D0-B260-415B-8798-3B98264F2BA5}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5BEECFBB-3CDC-4E6B-94A0-CF8123DD22DB}\ProxyStubClsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{77EBD0B1-871A-4AD1-951A-26AEFE783111}\2.1\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A5DDD41-9F4F-4EE8-8DCB-3E9C9024D84D}\TypeLib\Version = "2.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DEE14ED7-9862-4599-A7A5-33106E5B66CD}\ProgID\ = "vbalExplorerBarLib6.cExplorerBar"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{869CC80C-28C8-4DCB-A3E4-C1950BD2596A}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{77EBD0B1-871A-4AD1-951A-26AEFE783111}\2.1\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76EED002-271B-44F0-B57C-FF8540C2B74C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0621CF6B-B4C3-46B3-9EB1-CFE78D8FE0E7}\MiscStatus\1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{76EED002-271B-44F0-B57C-FF8540C2B74C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2DAD85D7-F688-4F55-83E1-E4E41B96A69A}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E7A832C2-3E2F-40D0-B2D1-70F2366F2FDA}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0621CF6B-B4C3-46B3-9EB1-CFE78D8FE0E7}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8B5BE835-1487-42EA-A72A-8EF629C20A4D}\TypeLib\ = "{77EBD0B1-871A-4AD1-951A-26AEFE783111}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vbalExplorerBarLib6.pcExplorerBarItem\Clsid\ = "{93BD935B-811C-4296-9B11-955B2CEBDABE}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0621CF6B-B4C3-46B3-9EB1-CFE78D8FE0E7}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{628DFC17-BEEF-486E-BDC5-E04B484FD8A6}\TypeLib\Version = "2.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD37CE70-DA4A-4EF0-905E-4436D5D5DB4C}\TypeLib\ = "{77EBD0B1-871A-4AD1-951A-26AEFE783111}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EBAB9FC8-CF35-40D2-A3E0-F359D12A57BD}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{90CDCCC6-7335-4F71-B639-FD6EAFF2E0A4}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E7A832C2-3E2F-40D0-B2D1-70F2366F2FDA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8B5BE835-1487-42EA-A72A-8EF629C20A4D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EBAB9FC8-CF35-40D2-A3E0-F359D12A57BD}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{615BD953-D262-4346-BD3D-050B599B6F46}\Forward	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EBAB9FC8-CF35-40D2-A3E0-F359D12A57BD}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vbalExplorerBarLib6.cExplorerBarItem\ = "vbalExplorerBarLib6.cExplorerBarItem"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{90CDCCC6-7335-4F71-B639-FD6EAFF2E0A4}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{90CDCCC6-7335-4F71-B639-FD6EAFF2E0A4}\ProgID\ = "vbalExplorerBarLib6.cExplorerBarItem"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E4A4E112-DACB-4DEF-8E8A-972D88089833}\ProgID\ = "vbalExplorerBarLib6.cExplorerBarItems"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD37CE70-DA4A-4EF0-905E-4436D5D5DB4C}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vbalExplorerBarLib6.pcExplorerBarItem\ = "vbalExplorerBarLib6.pcExplorerBarItem"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vbalExplorerBarLib6.vbalExplorerBarCtl\Clsid\ = "{0621CF6B-B4C3-46B3-9EB1-CFE78D8FE0E7}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4A8E13D0-B260-415B-8798-3B98264F2BA5}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5BEECFBB-3CDC-4E6B-94A0-CF8123DD22DB}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5BEECFBB-3CDC-4E6B-94A0-CF8123DD22DB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8B5BE835-1487-42EA-A72A-8EF629C20A4D}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E4A4E112-DACB-4DEF-8E8A-972D88089833}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DEE14ED7-9862-4599-A7A5-33106E5B66CD}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{869CC80C-28C8-4DCB-A3E4-C1950BD2596A}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2DAD85D7-F688-4F55-83E1-E4E41B96A69A}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EBAB9FC8-CF35-40D2-A3E0-F359D12A57BD}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8B5BE835-1487-42EA-A72A-8EF629C20A4D}\ProxyStubClsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8B5BE835-1487-42EA-A72A-8EF629C20A4D}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{628DFC17-BEEF-486E-BDC5-E04B484FD8A6}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{869CC80C-28C8-4DCB-A3E4-C1950BD2596A}\Forward	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{76EED002-271B-44F0-B57C-FF8540C2B74C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD37CE70-DA4A-4EF0-905E-4436D5D5DB4C}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{628DFC17-BEEF-486E-BDC5-E04B484FD8A6}\TypeLib\ = "{77EBD0B1-871A-4AD1-951A-26AEFE783111}"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 940	1356	regsvr32.exe	28
PID 1356 wrote to memory of 940	1356	regsvr32.exe	28
PID 1356 wrote to memory of 940	1356	regsvr32.exe	28
PID 1356 wrote to memory of 940	1356	regsvr32.exe	28
PID 1356 wrote to memory of 940	1356	regsvr32.exe	28
PID 1356 wrote to memory of 940	1356	regsvr32.exe	28
PID 1356 wrote to memory of 940	1356	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7aa8ccc46fc67019863031bbb1e7029267d92017f93d0386a6d29a8a495cbbe4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7aa8ccc46fc67019863031bbb1e7029267d92017f93d0386a6d29a8a495cbbe4.dll
  2⤵
  - Modifies registry class
  PID:940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/940-55-0x0000000000000000-mapping.dmp

Download
memory/940-56-0x00000000760A1000-0x00000000760A3000-memory.dmp

Filesize
8KB

Download
memory/1356-54-0x000007FEFBCE1000-0x000007FEFBCE3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads