fa9a9b5732508b34cc8f07583220a10b33ec441b057f83bb5772c84e79c1706b

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa9a9b5732508b34cc8f07583220a10b33ec441b057f83bb5772c84e79c1706b.dll
Size

645KB
MD5

f63a546f209b80a1d3c63b7491e0a468
SHA1

5fc767ae525884d88a5e59bd2357b9684a9350b5
SHA256

fa9a9b5732508b34cc8f07583220a10b33ec441b057f83bb5772c84e79c1706b
SHA512

0c10c63f49e5cc4a4666687af532d0e9d333e28285e2249392770c0b50c8501817d9078c161466a0bd95671ea01b050c8b0a3de996d53211dc4aee45b65adcc9
SSDEEP

12288:/FHKqcjsa3rsKZOKJh0+LX9UHcZP6gJFsiEQcvf0g1:/FHKqgsSs1+LX95ZigJFM7vfV1

Score

7^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fa9a9b5732508b34cc8f07583220a10b33ec441b057f83bb5772c84e79c1706b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe

Modifies registry class 14 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\DriveMask = "255"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fa9a9b5732508b34cc8f07583220a10b33ec441b057f83bb5772c84e79c1706b.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fa9a9b5732508b34cc8f07583220a10b33ec441b057f83bb5772c84e79c1706b.IA-32.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fa9a9b5732508b34cc8f07583220a10b33ec441b057f83bb5772c84e79c1706b.dll
1⤵
- Registers COM server for autorun
- Modifies registry class
PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads