Overview
overview
10Static
static
1Netflix C...ha.dll
windows7-x64
1Netflix C...ha.dll
windows10-2004-x64
1Netflix C...ka.exe
windows7-x64
10Netflix C...ka.exe
windows10-2004-x64
10Netflix C...et.dll
windows7-x64
1Netflix C...et.dll
windows10-2004-x64
1Netflix C...xy.dll
windows7-x64
1Netflix C...xy.dll
windows10-2004-x64
1Netflix C...32.dll
windows7-x64
1Netflix C...32.dll
windows10-2004-x64
1Netflix C...ha.dll
windows7-x64
1Netflix C...ha.dll
windows10-2004-x64
1Netflix C...ip.dll
windows7-x64
1Netflix C...ip.dll
windows10-2004-x64
1Netflix C...et.dll
windows7-x64
1Netflix C...et.dll
windows10-2004-x64
1Netflix C...xy.dll
windows7-x64
1Netflix C...xy.dll
windows10-2004-x64
1Netflix C...32.dll
windows7-x64
1Netflix C...32.dll
windows10-2004-x64
1Netflix C...cs.exe
windows7-x64
10Netflix C...cs.exe
windows10-2004-x64
10Analysis
-
max time kernel
112s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
19-03-2023 12:02
Static task
static1
Behavioral task
behavioral1
Sample
Netflix Checker by GOD Cracked By GM`ka/AntiCaptcha.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral2
Sample
Netflix Checker by GOD Cracked By GM`ka/AntiCaptcha.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Netflix Checker by GOD Cracked By GM`ka/Netflix by GOD Cracked By GM`ka.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral4
Sample
Netflix Checker by GOD Cracked By GM`ka/Netflix by GOD Cracked By GM`ka.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Netflix Checker by GOD Cracked By GM`ka/ProxySocket.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral6
Sample
Netflix Checker by GOD Cracked By GM`ka/ProxySocket.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Netflix Checker by GOD Cracked By GM`ka/bcastdvr.proxy.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral8
Sample
Netflix Checker by GOD Cracked By GM`ka/bcastdvr.proxy.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Netflix Checker by GOD Cracked By GM`ka/msacm32.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral10
Sample
Netflix Checker by GOD Cracked By GM`ka/msacm32.dll
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Netflix Checker by GOD Cracked By GM`ka/xNet/AntiCaptcha.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral12
Sample
Netflix Checker by GOD Cracked By GM`ka/xNet/AntiCaptcha.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Netflix Checker by GOD Cracked By GM`ka/xNet/Ionic.Zip.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral14
Sample
Netflix Checker by GOD Cracked By GM`ka/xNet/Ionic.Zip.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Netflix Checker by GOD Cracked By GM`ka/xNet/ProxySocket.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral16
Sample
Netflix Checker by GOD Cracked By GM`ka/xNet/ProxySocket.dll
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Netflix Checker by GOD Cracked By GM`ka/xNet/bcastdvr.proxy.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral18
Sample
Netflix Checker by GOD Cracked By GM`ka/xNet/bcastdvr.proxy.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Netflix Checker by GOD Cracked By GM`ka/xNet/msacm32.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral20
Sample
Netflix Checker by GOD Cracked By GM`ka/xNet/msacm32.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Netflix Checker by GOD Cracked By GM`ka/xNet/procs.exe
Resource
win7-20230220-en
windows7-x64
General
-
Target
Netflix Checker by GOD Cracked By GM`ka/bcastdvr.proxy.dll
-
Size
127KB
-
MD5
eb1e9d853b3a71f8db7de8a1ee04a757
-
SHA1
175e1d12d7a6466c844d0e6551a90554b1f9c50c
-
SHA256
610ab0b7bee791a97e1ebb78a71897adcdad3e1db53598a1e1fba0b3cae624c3
-
SHA512
8987c9afa386f1fe0c54efb7f93e5abe49055568899c16625bb37f8bec4872627b159f2a7c1002b1980e29dcf6ea0757058882e73ce533f1dbf9546f6cbbd283
-
SSDEEP
3072:7/5xT3o7aTOPun5L6L3QP0YUj1rZlXw4qw0+Aqd6m/l8zVE37MTGEmVQkpc6mfFO:uxeF6
Malware Config
Signatures
-
Modifies registry class 64 IoCs
Processes:
regsvr32.exedescription ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D27DF9BE-3BF5-45AB-8699-49E85C7FA9CC} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A85A45EF-DCB2-58D5-8DA8-84015AA3BA3C}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{39C83E66-1B7F-56B6-95B1-AEB4FC0DFA42}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EDA886CF-1A4E-5CC4-9949-691DC7066FE4}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A4CCE9F7-E2EA-545D-A84A-84BCC663C180} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E0CE4877-9AAF-46B4-AD31-6A60B441C780} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EFAB4AC8-21BA-453F-8BB7-5E938A2E9A74} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9304DB27-4D4D-58C4-BFE7-BEA839E515AB}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24FC8712-E305-490D-B415-6B1C9049736B}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7045F4FB-F9B9-51B3-8111-631BF3AA3338} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9D35A05-B269-4577-AE9C-D8A6A8149AA4}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{81215969-88C0-4043-8744-5F4F497E9DBA}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{857BF1A3-7670-58B8-9AF8-A6D3307E4227}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7045F4FB-F9B9-51B3-8111-631BF3AA3338}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2AD91D78-59F2-4987-A856-A04D7FBEA948}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E0CE4877-9AAF-46B4-AD31-6A60B441C780}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3C4745A6-E5E4-545C-BDB9-52F85932B2E7}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1225E4DF-03A1-42F8-8B80-C9228CD9CF2E}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A8409557-ECF6-4C18-BB7B-FE926444BAF2}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{02B692A4-5919-4A9E-8D5E-C9BB0DD3377A} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{914D0803-701C-52D4-8DED-46FC356998BA} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4189FBF4-465E-45BF-907F-165B3FB23758}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C30BDF62-9948-458F-AD50-AA06EC03DA08}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EE08056D-8099-4DDD-922E-C56DAC58ABFB}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F8715188-EFC7-575C-AD9D-695EB2044524}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{27101845-B6ED-44F9-BC97-12B290C77AE8}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3232E018-8A2F-462B-839B-DDD166C9DEF4}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BAD1E72A-FA94-46F9-95FC-D71511CDA70B}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A57F2DE-8DEA-4E86-90AD-03FC26B9653C} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DC64118B-04F9-5161-A7C0-E6A96070A8D1}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6A6996-8825-4C87-A4C8-716CA01F57C6}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19A52DF1-9032-4EC3-8A34-D41449D5C84D}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B4202F92-1611-4E05-B6EF-DFD737AE33B0} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{633C91CA-4FDE-5160-9209-3FD3A403A917}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{18894522-B0E8-4BA0-8F13-3EAA5FA4013B}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9AC4E6F7-66CF-5949-865A-9B0525F4E703}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{239C0798-5FA1-516B-B38B-0AF510C41985}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E550D979-27A1-49A7-BBF4-D7A9E9D07668}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00F95A68-8907-48A0-B8EF-24D208137542}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EF98A1B2-3556-4531-A805-04C368AED017}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F304F5B4-1D02-45C4-ABD2-B2140EAF013C}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CF667B1A-3BB9-57CE-A38B-1E81471F8CF8} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0B54C121-BFFC-5483-86CB-4FEA9CDA8EB0}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B74AE481-777B-5BC9-83DA-562D905A43F1}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{11168284-A12E-4D8C-B21A-F892D15FC196} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DBEAD57-50A6-499E-8C6C-D330A7311796} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF9AD48A-0CB9-4076-9472-C97E764429FF}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CEA54283-EE51-4DBF-9472-79A9ED4E2165}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D05DA08F-B7AA-58C3-BFAF-4C1E372444D4}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCB8CEE7-E26B-476F-9B1A-EC342D2A8FDE}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2949282E-CF0E-4664-ABCF-E6F686B128E1}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8AEF7696-CE5E-5596-A2AD-4EB1AF1B111B} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24031FD1-432F-4A82-BB03-6A50C1ADCA48}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD170424-794D-5158-A9AF-6824353F91B2} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BD1E9F6D-94DC-4FCE-9541-A9F129596334}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{486ED9E8-2CF7-5FC1-B31C-052D8FDBF90C}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{43C83783-B36D-5A8E-B993-E19C823E6C1A} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A2169B9D-25D9-4A60-834A-7F7F2EF60BB7}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19E8E0EF-236C-40F9-B38F-9B7DD65D1CCC} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BAD1E72A-FA94-46F9-95FC-D71511CDA70B}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5108A733-D008-4A89-93BE-58AED961374E} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EF06C335-A7F3-56BB-9703-97E7C6B87FB5}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{18894522-B0E8-4BA0-8F13-3EAA5FA4013B} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1ED4DA46-23D9-5CAC-9AEF-03212C65FD53} regsvr32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
regsvr32.exedescription pid Process procid_target PID 1304 wrote to memory of 2992 1304 regsvr32.exe 86 PID 1304 wrote to memory of 2992 1304 regsvr32.exe 86 PID 1304 wrote to memory of 2992 1304 regsvr32.exe 86
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s "C:\Users\Admin\AppData\Local\Temp\Netflix Checker by GOD Cracked By GM`ka\bcastdvr.proxy.dll"1⤵
- Suspicious use of WriteProcessMemory
PID:1304 -
C:\Windows\SysWOW64\regsvr32.exe/s "C:\Users\Admin\AppData\Local\Temp\Netflix Checker by GOD Cracked By GM`ka\bcastdvr.proxy.dll"2⤵
- Modifies registry class
PID:2992
-