a469da8ef7c3335ac557b9bc7e7dc3da0a3641e982b8df345af04a78144745a9

Analysis

max time kernel
233s
max time network
332s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a469da8ef7c3335ac557b9bc7e7dc3da0a3641e982b8df345af04a78144745a9.dll
Size

44KB
MD5

7dd1581f5317dcae9d014cc9d48de8cc
SHA1

7594301e8ed8e0ce739342d465fae6c054d973f3
SHA256

a469da8ef7c3335ac557b9bc7e7dc3da0a3641e982b8df345af04a78144745a9
SHA512

0b3c43e793d293834491a5389ea02caa984d18bb893b6e992d8d2cb029336870a770df4a93890d11d392e81653a1e3ae4e1ba6c91771d17b04232a2b3422dbed
SSDEEP

384:bVPvfTqgizasNdFXDq7654Zndrrocmo6UavZMp8tY7BsOffuDV0sn8pMS7ojru+N:N7qg5sXoddrr2Q/iY7+OHEPcBsj3r

Score

1^/10

Malware Config

Signatures

Modifies registry class 44 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}\TypeLib\ = "{1A607D76-8982-48C5-98B5-30571BE2BBCF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}\VERSION	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}\Implemented Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{1A607D76-8982-48C5-98B5-30571BE2BBCF}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\TypeLib\ = "{1A607D76-8982-48C5-98B5-30571BE2BBCF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}\ProgID\ = "BrowserHelper.CBrowserHelper"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\ProxyStubClsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\TypeLib\ = "{1A607D76-8982-48C5-98B5-30571BE2BBCF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a469da8ef7c3335ac557b9bc7e7dc3da0a3641e982b8df345af04a78144745a9.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowserHelper.CBrowserHelper\Clsid\ = "{0C1BD5DF-379F-4042-94F4-5889D973656F}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{1A607D76-8982-48C5-98B5-30571BE2BBCF}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\ = "_CBrowserHelper"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{1A607D76-8982-48C5-98B5-30571BE2BBCF}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a469da8ef7c3335ac557b9bc7e7dc3da0a3641e982b8df345af04a78144745a9.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{1A607D76-8982-48C5-98B5-30571BE2BBCF}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowserHelper.CBrowserHelper\Clsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{1A607D76-8982-48C5-98B5-30571BE2BBCF}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{1A607D76-8982-48C5-98B5-30571BE2BBCF}\1.0\ = "BrowserHelper"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}\ = "BrowserHelper.CBrowserHelper"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}\VERSION\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{1A607D76-8982-48C5-98B5-30571BE2BBCF}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowserHelper.CBrowserHelper	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1BD5DF-379F-4042-94F4-5889D973656F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowserHelper.CBrowserHelper\ = "BrowserHelper.CBrowserHelper"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\ = "CBrowserHelper"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\ = "_CBrowserHelper"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2DE31AD5-3547-4760-8C9F-9854494C3A96}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{1A607D76-8982-48C5-98B5-30571BE2BBCF}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{1A607D76-8982-48C5-98B5-30571BE2BBCF}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{1A607D76-8982-48C5-98B5-30571BE2BBCF}\1.0\0\win32	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 1472	752	regsvr32.exe	28
PID 752 wrote to memory of 1472	752	regsvr32.exe	28
PID 752 wrote to memory of 1472	752	regsvr32.exe	28
PID 752 wrote to memory of 1472	752	regsvr32.exe	28
PID 752 wrote to memory of 1472	752	regsvr32.exe	28
PID 752 wrote to memory of 1472	752	regsvr32.exe	28
PID 752 wrote to memory of 1472	752	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a469da8ef7c3335ac557b9bc7e7dc3da0a3641e982b8df345af04a78144745a9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:752
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a469da8ef7c3335ac557b9bc7e7dc3da0a3641e982b8df345af04a78144745a9.dll
  2⤵
  - Modifies registry class
  PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/752-54-0x000007FEFBCE1000-0x000007FEFBCE3000-memory.dmp

Filesize
8KB

Download
memory/1472-56-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads