Analysis
-
max time kernel: 39s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 29-11-2022 06:23

Behavioral task: behavioral1
Sample: 86a9207a660578087882bb0b0c289e44177c870eaa7db39e744fdc777dc0c1c7.dll
Resource: win7-20220812-en (windows7-x64)
4 signatures, 150 seconds
General
-
Target: 86a9207a660578087882bb0b0c289e44177c870eaa7db39e744fdc777dc0c1c7.dll
Size: 768KB
MD5: 548b208d1ac38287734b298944da6f2c
SHA1: cd6d83fc57c4496cd53018dd457b6df760d4f27b
SHA256: 86a9207a660578087882bb0b0c289e44177c870eaa7db39e744fdc777dc0c1c7
SHA512: 34c14ed3c5290df3751c0cd3b4a56c44bd3e82e85c83a1c5fa33c7c0bda9b9de5cd6acac7ecf1052bc68f559bc162a734f5468c4b07eaf0b89cc7915fdaf721a
SSDEEP: 12288:6JP94MqFRmeMWt0m9SumMm6BOaMnLHtUXmMaffIEGpzK6FSkFvUFzq10GX+fOD5E:IBm0U0aSumBzEa45pzvj10GXDVE
Malware Config
-
(none extracted)

Signatures
-
Installs/modifies Browser Helper Object (2 TTPs, 1 IoC)
BHOs are DLL modules which act as plugins for Internet Explorer.
Processes:
  description   ioc                                                                                                                                       process
  Key created   \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}   regsvr32.exe

Modifies registry class (5 IoCs)
Processes:
  description       ioc                                                                                                                                                                             process
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}                                                                                    regsvr32.exe
  Set value (str)   \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}\                                                                                   regsvr32.exe
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}\InprocServer32                                                                     regsvr32.exe
  Set value (str)   \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\86a9207a660578087882bb0b0c289e44177c870eaa7db39e744fdc777dc0c1c7.dll"   regsvr32.exe
  Set value (str)   \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}\InprocServer32\ThreadingModel = "Apartment"                                        regsvr32.exe

Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
  pid    process
  1452   regsvr32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
  description                       pid    process        target process
  PID 1952 wrote to memory of 1452  1952   regsvr32.exe   regsvr32.exe
  PID 1952 wrote to memory of 1452  1952   regsvr32.exe   regsvr32.exe
  PID 1952 wrote to memory of 1452  1952   regsvr32.exe   regsvr32.exe
  PID 1952 wrote to memory of 1452  1952   regsvr32.exe   regsvr32.exe
  PID 1952 wrote to memory of 1452  1952   regsvr32.exe   regsvr32.exe
  PID 1952 wrote to memory of 1452  1952   regsvr32.exe   regsvr32.exe
  PID 1952 wrote to memory of 1452  1952   regsvr32.exe   regsvr32.exe
Processes
-
1. C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\86a9207a660578087882bb0b0c289e44177c870eaa7db39e744fdc777dc0c1c7.dll
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\regsvr32.exe (child of 1)
      Command line: /s C:\Users\Admin\AppData\Local\Temp\86a9207a660578087882bb0b0c289e44177c870eaa7db39e744fdc777dc0c1c7.dll
      - Installs/modifies Browser Helper Object
      - Modifies registry class
      - Suspicious use of SetWindowsHookEx