e7fc4e83c03d6068afb574ce1f04550cdfc2cce71e6c2e4d69200b018bf5f042

Analysis

max time kernel
81s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e7fc4e83c03d6068afb574ce1f04550cdfc2cce71e6c2e4d69200b018bf5f042.dll
Size

496KB
MD5

0847fff5c77ef8981d8eef2235710edf
SHA1

1de5c0f4779eb08b706a889b807135d828037226
SHA256

e7fc4e83c03d6068afb574ce1f04550cdfc2cce71e6c2e4d69200b018bf5f042
SHA512

b0b9986d00a74f1eac48b11ee5afb539c231b25fe60e0214a7b36bd0cfca13a3f8f07ff5003eb786e5b7a7b82ba8bd095dfed7f13d98d1398986d7df5bbf2730
SSDEEP

6144:ra8zeF0rXCeJuDx3OJda+ONYnHyRKXAbZR/fjtxsYVUz8Z8tLa8zeF4j:FzzrXCPx1pY0bZZfjxvKz

Score

1^/10

Malware Config

Signatures

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E224DF2-19D5-11D8-9BD3-5254AB1FD902}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E224DF2-19D5-11D8-9BD3-5254AB1FD902}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e7fc4e83c03d6068afb574ce1f04550cdfc2cce71e6c2e4d69200b018bf5f042.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\e7fc4e83c03d6068afb574ce1f04550cdfc2cce71e6c2e4d69200b018bf5f042.ShellExecuteHook\ = "Maihook7003"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\e7fc4e83c03d6068afb574ce1f04550cdfc2cce71e6c2e4d69200b018bf5f042.ShellExecuteHook\Clsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E224DF2-19D5-11D8-9BD3-5254AB1FD902}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E224DF2-19D5-11D8-9BD3-5254AB1FD902}\ProgID\ = "e7fc4e83c03d6068afb574ce1f04550cdfc2cce71e6c2e4d69200b018bf5f042.ShellExecuteHook"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E224DF2-19D5-11D8-9BD3-5254AB1FD902}\ = "Maihook7003"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E224DF2-19D5-11D8-9BD3-5254AB1FD902}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E224DF2-19D5-11D8-9BD3-5254AB1FD902}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\e7fc4e83c03d6068afb574ce1f04550cdfc2cce71e6c2e4d69200b018bf5f042.ShellExecuteHook	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\e7fc4e83c03d6068afb574ce1f04550cdfc2cce71e6c2e4d69200b018bf5f042.ShellExecuteHook\Clsid\ = "{6E224DF2-19D5-11D8-9BD3-5254AB1FD902}"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 268	1496	regsvr32.exe	28
PID 1496 wrote to memory of 268	1496	regsvr32.exe	28
PID 1496 wrote to memory of 268	1496	regsvr32.exe	28
PID 1496 wrote to memory of 268	1496	regsvr32.exe	28
PID 1496 wrote to memory of 268	1496	regsvr32.exe	28
PID 1496 wrote to memory of 268	1496	regsvr32.exe	28
PID 1496 wrote to memory of 268	1496	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e7fc4e83c03d6068afb574ce1f04550cdfc2cce71e6c2e4d69200b018bf5f042.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e7fc4e83c03d6068afb574ce1f04550cdfc2cce71e6c2e4d69200b018bf5f042.dll
  2⤵
  - Modifies registry class
  PID:268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/268-55-0x0000000000000000-mapping.dmp

Download
memory/268-56-0x0000000076581000-0x0000000076583000-memory.dmp

Filesize
8KB

Download
memory/1496-54-0x000007FEFC251000-0x000007FEFC253000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads