Overview
overview
7Static
static
7soundpad-c...in.zip
windows7-x64
1soundpad-c...in.zip
windows10-2004-x64
1soundpad-c...DME.md
windows7-x64
3soundpad-c...DME.md
windows10-2004-x64
3soundpad-c...ID.cfg
windows7-x64
3soundpad-c...ID.cfg
windows10-2004-x64
3soundpad-c...ad.exe
windows7-x64
7soundpad-c...ad.exe
windows10-2004-x64
7soundpad-c...ig.ini
windows7-x64
1soundpad-c...ig.ini
windows10-2004-x64
1soundpad-c...ol.dll
windows7-x64
3soundpad-c...ol.dll
windows10-2004-x64
3soundpad-c...te.dll
windows7-x64
1soundpad-c...te.dll
windows10-2004-x64
1soundpad-c...pt.vdf
windows7-x64
3soundpad-c...pt.vdf
windows10-2004-x64
3soundpad-c...ion.mo
windows7-x64
3soundpad-c...ion.mo
windows10-2004-x64
3soundpad-c...ion.mo
windows7-x64
3soundpad-c...ion.mo
windows10-2004-x64
3soundpad-c...ion.mo
windows7-x64
3soundpad-c...ion.mo
windows10-2004-x64
3soundpad-c...ion.mo
windows7-x64
3soundpad-c...ion.mo
windows10-2004-x64
3soundpad-c...ion.mo
windows7-x64
3soundpad-c...ion.mo
windows10-2004-x64
3soundpad-c...ion.mo
windows7-x64
3soundpad-c...ion.mo
windows10-2004-x64
3soundpad-c...ion.mo
windows7-x64
3soundpad-c...ion.mo
windows10-2004-x64
3soundpad-c...ion.mo
windows7-x64
3soundpad-c...ion.mo
windows10-2004-x64
3Analysis
-
max time kernel
261s -
max time network
265s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
02/04/2023, 17:48
Behavioral task
behavioral1
Sample
soundpad-cracked-by-2u-main.zip
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral2
Sample
soundpad-cracked-by-2u-main.zip
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
soundpad-cracked-by-2u-main/README.md
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral4
Sample
soundpad-cracked-by-2u-main/README.md
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
soundpad-cracked-by-2u-main/SoundPad/Profile/CRACKED BY Ray_Black/SteamUserID.cfg
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral6
Sample
soundpad-cracked-by-2u-main/SoundPad/Profile/CRACKED BY Ray_Black/SteamUserID.cfg
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
soundpad-cracked-by-2u-main/SoundPad/Soundpad.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral8
Sample
soundpad-cracked-by-2u-main/SoundPad/Soundpad.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
soundpad-cracked-by-2u-main/SoundPad/SteamConfig.ini
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral10
Sample
soundpad-cracked-by-2u-main/SoundPad/SteamConfig.ini
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
soundpad-cracked-by-2u-main/SoundPad/UniteFxControl.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral12
Sample
soundpad-cracked-by-2u-main/SoundPad/UniteFxControl.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
soundpad-cracked-by-2u-main/SoundPad/UniteFxUpdate.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral14
Sample
soundpad-cracked-by-2u-main/SoundPad/UniteFxUpdate.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
soundpad-cracked-by-2u-main/SoundPad/installscript.vdf
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral16
Sample
soundpad-cracked-by-2u-main/SoundPad/installscript.vdf
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/cs/translation.mo
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral18
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/cs/translation.mo
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/da/translation.mo
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral20
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/da/translation.mo
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/de/translation.mo
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral22
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/de/translation.mo
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/es_ES/translation.mo
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral24
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/es_ES/translation.mo
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/fi/translation.mo
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral26
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/fi/translation.mo
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/fr/translation.mo
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral28
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/fr/translation.mo
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/it/translation.mo
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral30
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/it/translation.mo
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/ja/translation.mo
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral32
Sample
soundpad-cracked-by-2u-main/SoundPad/languages/ja/translation.mo
Resource
win10v2004-20230220-en
windows10-2004-x64
General
-
Target
soundpad-cracked-by-2u-main/SoundPad/Soundpad.exe
-
Size
10.9MB
-
MD5
0ae4f60d72e0d1c159505500b8a08ebb
-
SHA1
bb352dafd3c3ebebb4414b799010fe5ebddbef44
-
SHA256
ed3371229647ef876b45cb5940e48b461df58d4e68ad4932f5877eba90c8d379
-
SHA512
88495911df544a04a4e09828ae10b57d3d945c41d6e28964c2d4d077afa43fec1c82a8ff6dcce57a3c7b9e5d02d1e47f800f557b022866f5f7be4a2db9b07536
-
SSDEEP
196608:fDRlger67uOemwy1LR/XU3gmsRM0wWM+wC89ooEvu:UerSwAVE3XsRMiJpsf
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation Soundpad.exe -
Loads dropped DLL 2 IoCs
pid Process 2556 regsvr32.exe 1396 regsvr32.exe -
Registers COM server for autorun 1 TTPs 3 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\InprocServer32\ Soundpad.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\InprocServer32\ = "C:\\Windows\\system32\\UniteFx.dll" Soundpad.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\InprocServer32\ThreadingModel = "Both" Soundpad.exe -
resource yara_rule behavioral8/memory/3352-133-0x00007FFE75300000-0x00007FFE76350000-memory.dmp upx -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\system32\UniteFx.dll Soundpad.exe File opened for modification C:\Windows\system32\UniteFx.dll Soundpad.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 63 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad\URL Protocol Soundpad.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\Flags = "14" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71} regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad.Soundlist\shell Soundpad.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.spl\PerceivedType = "audio" Soundpad.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.spl\OpenWithList Soundpad.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad.Soundlist Soundpad.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad.Soundlist\ = "Soundpad sound list" Soundpad.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MajorVersion = "1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\ = "UniteFx Class" Soundpad.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MinOutputConnections = "1" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad.Soundlist\shell\open\command Soundpad.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\FriendlyName = "UniteFx" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\soundpad-cracked-by-2u-main\\SoundPad\\Soundpad.exe,0" Soundpad.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\APOInterface0 = "{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.spl\ = "Soundpad.Soundlist" Soundpad.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.spl\OpenWithProgids\Soundpad.Soundlist Soundpad.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad\ = "URL:Soundpad Protocol" Soundpad.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\soundpad-cracked-by-2u-main\\SoundPad\\Soundpad.exe\" -c \"%1\"" Soundpad.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MaxInputConnections = "1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\Copyright = "Copyright (C) 2016-2019 Leppsoft" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MinorVersion = "6" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MaxInputConnections = "1" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.spl\Content Type = "audio/soundpadlist" Soundpad.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.spl\OpenWithList\ehshell.exe\ Soundpad.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad\shell\open\command\ Soundpad.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad.Soundlist\shell\open\command\ Soundpad.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\FriendlyName = "UniteFx" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MinorVersion = "6" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\Flags = "14" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad\DefaultIcon Soundpad.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad\shell\open\command Soundpad.exe Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\ Soundpad.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MinInputConnections = "1" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MinOutputConnections = "1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\InprocServer32\ThreadingModel = "Both" Soundpad.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad.Soundlist\shell\open Soundpad.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.spl\OpenWithList\ehshell.exe\ Soundpad.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad\shell Soundpad.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\Copyright = "Copyright (C) 2016-2019 Leppsoft" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad.Soundlist\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\soundpad-cracked-by-2u-main\\SoundPad\\Soundpad.exe,1" Soundpad.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad Soundpad.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\InprocServer32\ = "C:\\Windows\\system32\\UniteFx.dll" Soundpad.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MaxInstances = "4294967295" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\NumAPOInterfaces = "1" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.spl\OpenWithList\ehshell.exe Soundpad.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad\shell\open Soundpad.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MinInputConnections = "1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71} regsvr32.exe Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\InprocServer32\ Soundpad.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MajorVersion = "1" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.spl\OpenWithProgids Soundpad.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MaxInstances = "4294967295" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\NumAPOInterfaces = "1" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MaxOutputConnections = "1" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\MaxOutputConnections = "1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{27384E53-9860-0AC1-9519-C60EBCAA2C71}\APOInterface0 = "{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad.Soundlist\DefaultIcon Soundpad.exe Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Soundpad.Soundlist\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\soundpad-cracked-by-2u-main\\SoundPad\\Soundpad.exe\" \"%1\"" Soundpad.exe Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.spl Soundpad.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeTakeOwnershipPrivilege 3352 Soundpad.exe Token: 33 3308 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 3308 AUDIODG.EXE -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 3352 Soundpad.exe 3352 Soundpad.exe 3352 Soundpad.exe 3352 Soundpad.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3352 wrote to memory of 2556 3352 Soundpad.exe 84 PID 3352 wrote to memory of 2556 3352 Soundpad.exe 84 PID 3352 wrote to memory of 1396 3352 Soundpad.exe 85 PID 3352 wrote to memory of 1396 3352 Soundpad.exe 85
Processes
-
C:\Users\Admin\AppData\Local\Temp\soundpad-cracked-by-2u-main\SoundPad\Soundpad.exe"C:\Users\Admin\AppData\Local\Temp\soundpad-cracked-by-2u-main\SoundPad\Soundpad.exe"1⤵
- Checks computer location settings
- Registers COM server for autorun
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3352 -
C:\Windows\System32\regsvr32.exe"C:\Windows\System32\regsvr32.exe" /s "C:\Windows\system32\UniteFx.dll"2⤵
- Loads dropped DLL
- Modifies registry class
PID:2556
-
-
C:\Windows\System32\regsvr32.exe"C:\Windows\System32\regsvr32.exe" /s "C:\Windows\system32\UniteFx.dll"2⤵
- Loads dropped DLL
- Modifies registry class
PID:1396
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x510 0x5181⤵
- Suspicious use of AdjustPrivilegeToken
PID:3308
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
442KB
MD50ee743073ee6b68f8222be2661d95315
SHA12e642772ec19edf73422fe25a8d45db1a006ff85
SHA256562b17370c7283e92a3353b76ab2aefd301c2e78782fa60ec9ee35676ad44f96
SHA512c3f2037bd37cef7978187f67f1d0633ee3067b4837e0ad9ae2a5c8efab8ec4ce6a14c1d88e200ffaa8677f74fd5995789297e6a7b5ac18d19dc9d53b4d9170ba
-
Filesize
442KB
MD50ee743073ee6b68f8222be2661d95315
SHA12e642772ec19edf73422fe25a8d45db1a006ff85
SHA256562b17370c7283e92a3353b76ab2aefd301c2e78782fa60ec9ee35676ad44f96
SHA512c3f2037bd37cef7978187f67f1d0633ee3067b4837e0ad9ae2a5c8efab8ec4ce6a14c1d88e200ffaa8677f74fd5995789297e6a7b5ac18d19dc9d53b4d9170ba
-
Filesize
442KB
MD50ee743073ee6b68f8222be2661d95315
SHA12e642772ec19edf73422fe25a8d45db1a006ff85
SHA256562b17370c7283e92a3353b76ab2aefd301c2e78782fa60ec9ee35676ad44f96
SHA512c3f2037bd37cef7978187f67f1d0633ee3067b4837e0ad9ae2a5c8efab8ec4ce6a14c1d88e200ffaa8677f74fd5995789297e6a7b5ac18d19dc9d53b4d9170ba