5d5bc4f497406b59369901b9a79e1e9d1e0a690c0b2e803f4fbfcb391bcfeef1

Analysis

max time kernel
117s
max time network
143s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 23:46

Target

Feonjuackm.bin.dll
Size

583KB
MD5

0245e02cbb6ffe2716c2aeb7fb8006d0
SHA1

59dd3d2477211eb4fcd72b542812a2036fa0e1e8
SHA256

5d5bc4f497406b59369901b9a79e1e9d1e0a690c0b2e803f4fbfcb391bcfeef1
SHA512

0c2e863512f2d83429e681cbcdb31bf9c6f0a69611f6d8923198d51d1e49750f4bf441c8ce256fb44a9cb39a6855e70fcbc644739926570214400bd06a683d82
SSDEEP

12288:ujan3B7+2OoGEwYXorDxBDWgyv9cii8VPezCTr:Jn3B7+2OyJo/DWz9cS2zW

Score

1^/10

Modifies registry class 2 IoCs

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000_CLASSES\CLSID\{CD1A6948-1029-6F7B-A9B0-B5B689432798}	regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000_CLASSES\CLSID\{CD1A6948-1029-6F7B-A9B0-B5B689432798}\ = a43d5f98cd15ecc752b0855665d7073e6a02593e2cd6870dba8491df3f156301f6c0402f315f60d37ce179d5f6c4b31fcd04504a06031ad8cbbb3f789b14b2728cbd5d6715a5bbe92494c674a4ed4962d0410a2ae60a8fb98419f4289e4efe5387af674c0390bc8d0c65899ec389f20146847f9fe9e2bcfefd340c9636ec25ee9f345026cc5e99c03f5153305c4cb31376a394e69baf89d92159d5e6929e76a70af3757d170f3e5bd1e46624d11042ca1ea47abe906c4832c79fc773693153d89bf2572f2e4d3551de07662a4248c544ea76bc526da3107b55ba047ead017e619d426e2c5843ca8126cb950021bf1d6074dc087ca9fcc79336d1e7e3a63d72db81ad892044bb1fffb4f272bed1ad0340d39914d3	regsvr32.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Feonjuackm.bin.dll
1⤵
- Modifies registry class
PID:2956

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\Cab92A1.tmp
Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
memory/2956-1-0x0000000000120000-0x000000000016F000-memory.dmp

Filesize
316KB

Download
memory/2956-2-0x0000000001DD0000-0x0000000001E1C000-memory.dmp

Filesize
304KB

Download
memory/2956-8-0x0000000001DD0000-0x0000000001E1C000-memory.dmp

Filesize
304KB

Download
memory/2956-9-0x0000000001DD0000-0x0000000001E1C000-memory.dmp

Filesize
304KB

Download
memory/2956-10-0x0000000000120000-0x000000000016F000-memory.dmp

Filesize
316KB

Download
memory/2956-29-0x0000000001DD0000-0x0000000001E1C000-memory.dmp

Filesize
304KB

Download
memory/2956-30-0x0000000001DD0000-0x0000000001E1C000-memory.dmp

Filesize
304KB

Download
memory/2956-32-0x0000000001DD0000-0x0000000001E1C000-memory.dmp

Filesize
304KB

Download