5d5bc4f497406b59369901b9a79e1e9d1e0a690c0b2e803f4fbfcb391bcfeef1

Analysis

max time kernel
140s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 23:48

Target

Feonjuackm.dll
Size

583KB
MD5

0245e02cbb6ffe2716c2aeb7fb8006d0
SHA1

59dd3d2477211eb4fcd72b542812a2036fa0e1e8
SHA256

5d5bc4f497406b59369901b9a79e1e9d1e0a690c0b2e803f4fbfcb391bcfeef1
SHA512

0c2e863512f2d83429e681cbcdb31bf9c6f0a69611f6d8923198d51d1e49750f4bf441c8ce256fb44a9cb39a6855e70fcbc644739926570214400bd06a683d82
SSDEEP

12288:ujan3B7+2OoGEwYXorDxBDWgyv9cii8VPezCTr:Jn3B7+2OyJo/DWz9cS2zW

Score

1^/10

Modifies registry class 2 IoCs

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\CLSID\{F0ED1ADA-99A1-ED75-9779-07937CD8D134}	regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\CLSID\{F0ED1ADA-99A1-ED75-9779-07937CD8D134}\ = a43ddfd8ad6534e3a099b8f334a013b45775c3f9ce056f210475c8c8c5066d0e88550d30b71a4323e4251b26fe40717edc0f6cfcfbc4b8270b9bcf20bfa609b66e2a15cb5bc8a2eca557a6840c99439f450ca5640b935a204f37cbde07891ce04f4bd585a82af9ec9bdd3d20f473e50b490ab2f2645f456b3618b2238f9bff59d59702ffef28729c1d60a814eef37731c10b78f492a2162dab823f4bad9ef6e7ea63ad4921f418e8e9e064a31170b202fab6f3733f12cd73a887c3716a31d398bbc2efcb9c245ec367b21b7da817e3b571325e8105efeee2105956d7622f471404858c3f50cff474bb8cb793d9a30bdbc0a21f76362a22405cdc18fba2bfb37a3255dd0aebf57eaeddad942f8af9f5ebe190999e	regsvr32.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Feonjuackm.dll
1⤵
- Modifies registry class
PID:3348

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/3348-1-0x00000000010C0000-0x000000000110F000-memory.dmp

Filesize
316KB

Download
memory/3348-2-0x0000000002BE0000-0x0000000002C2C000-memory.dmp

Filesize
304KB

Download
memory/3348-8-0x0000000002BE0000-0x0000000002C2C000-memory.dmp

Filesize
304KB

Download
memory/3348-9-0x0000000002BE0000-0x0000000002C2C000-memory.dmp

Filesize
304KB

Download
memory/3348-10-0x00000000010C0000-0x000000000110F000-memory.dmp

Filesize
316KB

Download
memory/3348-13-0x0000000002BE0000-0x0000000002C2C000-memory.dmp

Filesize
304KB

Download
memory/3348-14-0x0000000002BE0000-0x0000000002C2C000-memory.dmp

Filesize
304KB

Download
memory/3348-16-0x0000000002BE0000-0x0000000002C2C000-memory.dmp

Filesize
304KB

Download