c47ba7580682c437f394b7cc50da649b6b44de01a6d247a034891d6307171706

Analysis

max time kernel
46s
max time network
88s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c47ba7580682c437f394b7cc50da649b6b44de01a6d247a034891d6307171706.dll
Size

314KB
MD5

35564d31808baa60e72a8106b67d4300
SHA1

1a02689c1ea42b26c5c34b49da99444298f3027d
SHA256

c47ba7580682c437f394b7cc50da649b6b44de01a6d247a034891d6307171706
SHA512

ad11783265972987957d33fd848523409ecb41c1fc945f31e911aaea87123d44072efe3b4b3f33ba6afbb7e530a65b0481dddd611fbae2b5f5f814cf48d3a2b9
SSDEEP

6144:fH16HBsKoHmQcFXe2zSKrAnGmZCuZdUUEZdUUQ:fVIhGhck2wiuZdUUEZdUUQ

Score

1^/10

Malware Config

Signatures

Modifies registry class 17 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5FD1A47A-47AD-67DB-10A6-A4E86948FDAD}\	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5FD1A47A-47AD-67DB-10A6-A4E86948FDAD}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5FD1A47A-47AD-67DB-10A6-A4E86948FDAD}\InprocServer32\ThreadingModel = "both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OutlookMC_hxwbgw.comaddin.1\CLSID\ = "{5FD1A47A-47AD-67DB-10A6-A4E86948FDAD}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OutlookMC_hxwbgw.comaddin\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OutlookMC_hxwbgw.comaddin\CLSID\ = "{5FD1A47A-47AD-67DB-10A6-A4E86948FDAD}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5FD1A47A-47AD-67DB-10A6-A4E86948FDAD}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OutlookMC_hxwbgw.comaddin	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5FD1A47A-47AD-67DB-10A6-A4E86948FDAD}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5FD1A47A-47AD-67DB-10A6-A4E86948FDAD}\ProgID\ = "OutlookMC_hxwbgw.comaddin.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5FD1A47A-47AD-67DB-10A6-A4E86948FDAD}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OutlookMC_hxwbgw.comaddin.1\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OutlookMC_hxwbgw.comaddin\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5FD1A47A-47AD-67DB-10A6-A4E86948FDAD}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c47ba7580682c437f394b7cc50da649b6b44de01a6d247a034891d6307171706.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OutlookMC_hxwbgw.comaddin.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OutlookMC_hxwbgw.comaddin.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5FD1A47A-47AD-67DB-10A6-A4E86948FDAD}\VersionIndependentProgID\ = "OutlookMC_hxwbgw.comaddin"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1148	1308	regsvr32.exe	27
PID 1308 wrote to memory of 1148	1308	regsvr32.exe	27
PID 1308 wrote to memory of 1148	1308	regsvr32.exe	27
PID 1308 wrote to memory of 1148	1308	regsvr32.exe	27
PID 1308 wrote to memory of 1148	1308	regsvr32.exe	27
PID 1308 wrote to memory of 1148	1308	regsvr32.exe	27
PID 1308 wrote to memory of 1148	1308	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c47ba7580682c437f394b7cc50da649b6b44de01a6d247a034891d6307171706.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c47ba7580682c437f394b7cc50da649b6b44de01a6d247a034891d6307171706.dll
  2⤵
  - Modifies registry class
  PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1148-56-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/1308-54-0x000007FEFB651000-0x000007FEFB653000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads