1a032633bfa88eea880add2f1b401d0217abf1f26574977a3f0b50c20122f2dc

Analysis

max time kernel
186s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a032633bfa88eea880add2f1b401d0217abf1f26574977a3f0b50c20122f2dc.dll
Size

132KB
MD5

f35758db9d83a72f17c8ffca600ccb26
SHA1

1af73b8d0c354ab7f44268701d66a06ae8d85aa0
SHA256

1a032633bfa88eea880add2f1b401d0217abf1f26574977a3f0b50c20122f2dc
SHA512

cae4b1511215373d803676d2b7127a93dc6400a95ea3ed1e7b255248b70de2fe5f9b44a481044edeb98ee320f68ed270dc0c94d5fab08971623b5d580209c7bd
SSDEEP

3072:BzsSy6u4NjSOlWJ7ADTMSoqyyuGMa5XEf969ezDiebY7zz:BYPqjSSWRADTM7qTMqXEf8IlY

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSong	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSegmentState\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptTrack\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpPerformance	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpPerformance.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSegmentState\ = "DirectMusic Script AutoImp SegmentState"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioVBScript\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScripSourceCodeLoader.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpPerformance.1\ = "DirectMusic Script AutoImp Performance"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4062C116-0270-11D3-8BCB-00600893B1B6}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScript	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4108FA85-3586-11D3-8BD7-00600893B1B6}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSong\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CEBDE3E-6B91-484A-AF48-5E4F4ED6B1E1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A16F1761-B6D8-42EB-8D57-4A44FEDD3BD2}\VersionIndependentProgID\ = "Microsoft.DirectMusicScriptAutoImpSong"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSong\CurVer\ = "Microsoft.DirectMusicScriptAutoImpSong.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSong.1\CLSID\ = "{A16F1761-B6D8-42EB-8D57-4A44FEDD3BD2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpAudioPathConfig.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpAudioPathConfig\CurVer\ = "Microsoft.DirectMusicScriptAutoImpAudioPathConfig.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C5F9B72-7148-4D97-BFC9-68A0E076BEBD}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScript\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptTrack\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSegment.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4062C116-0270-11D3-8BCB-00600893B1B6}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSegmentState	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScripSourceCodeLoader\ = "DirectMusic Script Source Code Loader"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A861C6E2-FCFC-11D2-8BC9-00600893B1B6}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpAudioPathConfig\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4EE17959-931E-49E4-A2C6-977ECF3628F3}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScripSourceCodeLoader\CurVer\ = "Microsoft.DirectMusicScripSourceCodeLoader.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A861C6E2-FCFC-11D2-8BC9-00600893B1B6}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpPerformance\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScripSourceCodeLoader.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A16F1761-B6D8-42EB-8D57-4A44FEDD3BD2}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScript\ = "DirectMusic Script Object"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScript\CurVer\ = "Microsoft.DirectMusicScript.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4108FA85-3586-11D3-8BD7-00600893B1B6}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A16F1761-B6D8-42EB-8D57-4A44FEDD3BD2}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSong\ = "DirectMusic Script AutoImp Song"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpAudioPathConfig.1\ = "DirectMusic Script AutoImp AudioPathConfig"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScript\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptTrack\ = "DirectMusicScriptTrack"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSegment.1\ = "DirectMusic Script AutoImp Segment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioVBScript.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSegment.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSong.1\ = "DirectMusic Script AutoImp Song"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpAudioPath\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{810B5013-E88D-11D2-8BC1-00600893B1B6}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSegment\CurVer\ = "Microsoft.DirectMusicScriptAutoImpSegment.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSong.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSegmentState.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioVBScript	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C70EB77F-EFD4-4678-A27B-BF1648F30D04}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpPerformance\CurVer\ = "Microsoft.DirectMusicScriptAutoImpPerformance.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4EE17959-931E-49E4-A2C6-977ECF3628F3}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{810B5013-E88D-11D2-8BC1-00600893B1B6}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C70EB77F-EFD4-4678-A27B-BF1648F30D04}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpAudioPath.1\ = "DirectMusic Script AutoImp AudioPath"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptTrack	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicScriptAutoImpSegmentState\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4062C116-0270-11D3-8BCB-00600893B1B6}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioVBScript.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioVBScript\CLSID	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 1852	4796	regsvr32.exe	82
PID 4796 wrote to memory of 1852	4796	regsvr32.exe	82
PID 4796 wrote to memory of 1852	4796	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1a032633bfa88eea880add2f1b401d0217abf1f26574977a3f0b50c20122f2dc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1a032633bfa88eea880add2f1b401d0217abf1f26574977a3f0b50c20122f2dc.dll
  2⤵
  - Modifies registry class
  PID:1852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1852-134-0x0000000002B40000-0x0000000002B4E000-memory.dmp

Filesize
56KB

Download
memory/1852-133-0x0000000002B30000-0x0000000002B3E000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads