Analysis
max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
submitted: 16/10/2023, 08:05

Static task: static1

Behavioral task: behavioral1
Sample: fbcf4b139b3d57836e9de6f35bcd5441be4d122a9c489bb495d91b838cbbe9d6.dll
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: fbcf4b139b3d57836e9de6f35bcd5441be4d122a9c489bb495d91b838cbbe9d6.dll
Resource: win10v2004-20230915-en

General
Target: fbcf4b139b3d57836e9de6f35bcd5441be4d122a9c489bb495d91b838cbbe9d6.dll
Size: 199KB
MD5: 87cab89f064f338cea39729d8c5939fc
SHA1: 3ad461bedaa46de26a0eedc7aeb45ea913c83017
SHA256: fbcf4b139b3d57836e9de6f35bcd5441be4d122a9c489bb495d91b838cbbe9d6
SHA512: 05391e9cdeaf3912593d07b86cc231bd39a7a7d666b839b3e27c9ef026905392ddb1f8558bfc76861ee1ce28954180f6c0f4fc63ecf95c5db93a4aa5a0683993
SSDEEP: 3072:fIIIIQ9r1YEkZ6BQkiHbqRIV2I/s6aoJ6WSxpdOkzZzFFQmkkO:fIIIIQ9r1GZ6BQ/Vts6GpdjfnkkO
Malware Config
Signatures

Modifies system executable filetype association (2 TTPs, 3 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" | regsvr32.exe

Modifies registry class (38 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\FastCopy | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\ContextMenuHandlers\FastCopy | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32\ThreadingModel = "Apartment" | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\FastCopy | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\FastCopy | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\FastCopy | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\FastCopy | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7} | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\FastCopy | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shellex\ContextMenuHandlers | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\ = "FastCopy" | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32 | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fbcf4b139b3d57836e9de6f35bcd5441be4d122a9c489bb495d91b838cbbe9d6.dll" | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\FastCopy | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers\FastCopy | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\FastCopy | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers | regsvr32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2136 wrote to memory of 2808 | 2136 | regsvr32.exe | 28
(the same event is recorded 7 times)
Processes

C:\Windows\system32\regsvr32.exe (level 1)
  command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fbcf4b139b3d57836e9de6f35bcd5441be4d122a9c489bb495d91b838cbbe9d6.dll
  PID: 2136
  signatures: Suspicious use of WriteProcessMemory
  child process:
    C:\Windows\SysWOW64\regsvr32.exe (level 2)
      command line: /s C:\Users\Admin\AppData\Local\Temp\fbcf4b139b3d57836e9de6f35bcd5441be4d122a9c489bb495d91b838cbbe9d6.dll
      PID: 2808
      signatures: Modifies system executable filetype association; Modifies registry class
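Read together, the registry events and the process tree describe a COM in-process server registration: CLSID {72FF462B-AB7D-427A-A268-E22E414933D7} named "FastCopy", ThreadingModel "Apartment", InProcServer32 pointing at the DLL where it was dropped in the user's Temp directory, hooked into the shell as ContextMenuHandlers for *, Directory, Directory\Background, Folder, Drive, lnkfile and InternetShortcut and as DragDropHandlers for *, Directory, Folder and Drive. The 64-bit regsvr32.exe hands a 32-bit DLL off to its SysWOW64 counterpart, which is the process that writes the Wow6432Node keys, so the parent writing to the child's memory is part of that hand-off rather than injection into a foreign process. The Python script below is an added triage example, not part of the report and not code from the sandbox vendor or from FastCopy: it parses events in the report's own line format, rebuilds the registration, and flags a server registered from a user-writable path. The embedded event lines are copied from the report's signature tables (a subset: the CLSID registration and the eleven distinct handler registrations); the list of paths treated as user-writable and the line format itself are assumptions.

```python
"""Triage helper: rebuild a COM shell-extension registration from sandbox
registry events (added example; not the report's or any vendor's code).

Assumed event format, one per line, as the report prints them:
    Key created <key> <process>
    Set value (<type>) <key>\\<value> = "<data>" <process>
A key path ending in a backslash addresses that key's (Default) value.
"""
import re

# Event lines copied from the report above (subset, constructed input).
EVENTS = r"""
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7} regsvr32.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32 regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\ = "FastCopy" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fbcf4b139b3d57836e9de6f35bcd5441be4d122a9c489bb495d91b838cbbe9d6.dll" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32\ThreadingModel = "Apartment" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe
"""

SET_RE = re.compile(r'^Set value \((?P<type>\w+)\) (?P<path>\S+) = "(?P<data>.*)" (?P<proc>\S+)$')
KEY_RE = re.compile(r'^Key created (?P<path>\S+) (?P<proc>\S+)$')
# The two patterns below are matched against the path relative to ...\Classes\
HOOK_RE = re.compile(r'^(?P<cls>.+?)\\shellex\\(?P<kind>ContextMenuHandlers|DragDropHandlers)'
                     r'\\(?P<name>[^\\]+)\\$', re.IGNORECASE)
CLSID_RE = re.compile(r'^(?P<wow>Wow6432Node\\)?CLSID\\(?P<clsid>\{[0-9A-Fa-f-]+\})\\(?P<rest>.*)$',
                      re.IGNORECASE)
KIND = {"contextmenuhandlers": "ContextMenuHandlers", "dragdrophandlers": "DragDropHandlers"}
# Directories a shell-extension DLL should not be served from (assumed list).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\", "\\downloads\\")


def analyze(text):
    """Return the CLSID registrations, the shell hooks and a list of findings."""
    clsids, hooks, keys_created = {}, {}, 0
    for line in text.splitlines():
        line = line.strip()
        if KEY_RE.match(line):
            keys_created += 1          # key creation carries no data; just counted
            continue
        m = SET_RE.match(line)
        if not m:
            continue
        parts = m["path"].split("\\Classes\\", 1)
        if len(parts) != 2:
            continue                   # not under ...\SOFTWARE\Classes, ignore
        rel = parts[1]
        data = m["data"].replace("\\\\", "\\")   # the report escapes backslashes in data
        h = HOOK_RE.match(rel)
        if h:                          # <class>\shellex\<kind>\<name>\ (Default) = {CLSID}
            hooks[(h["cls"], KIND[h["kind"].lower()])] = {"name": h["name"], "clsid": data.upper()}
            continue
        c = CLSID_RE.match(rel)
        if c:                          # [Wow6432Node\]CLSID\{...}\... value
            entry = clsids.setdefault(c["clsid"].upper(),
                                      {"name": None, "server": None, "threading": None,
                                       "wow64": bool(c["wow"])})
            rest = c["rest"].lower()
            if rest == "":
                entry["name"] = data
            elif rest == "inprocserver32\\":
                entry["server"] = data
            elif rest == "inprocserver32\\threadingmodel":
                entry["threading"] = data
    return {"clsids": clsids, "hooks": hooks, "keys_created": keys_created,
            "findings": assess(clsids, hooks)}


def assess(clsids, hooks):
    findings = []
    for clsid, info in clsids.items():
        server = (info["server"] or "").lower()
        if any(d in server for d in USER_WRITABLE):
            findings.append(f"{clsid}: InProcServer32 points into a user-writable path: {info['server']}")
        if info["wow64"]:
            findings.append(f"{clsid}: registered under Wow6432Node (32-bit server); on x64 the 64-bit "
                            "Explorer will not load it, only 32-bit processes hosting the shell will")
    for clsid in {h["clsid"] for h in hooks.values()} - set(clsids):
        findings.append(f"{clsid}: referenced by a shell handler but its CLSID registration was not seen")
    if hooks:
        classes = sorted({cls for cls, _ in hooks})
        kinds = sorted({kind for _, kind in hooks})
        findings.append(f"{len(hooks)} shell hooks ({', '.join(kinds)}) on: {', '.join(classes)}")
    return findings


if __name__ == "__main__":
    result = analyze(EVENTS)
    for clsid, info in result["clsids"].items():
        print(clsid, info)
    for (cls, kind), hook in sorted(result["hooks"].items()):
        print(f"{cls:<22} {kind:<20} {hook['name']} -> {hook['clsid']}")
    for finding in result["findings"]:
        print("!", finding)
```

Run it against a full report export to get the same picture for any regsvr32-based sample; a handler whose CLSID never receives an InProcServer32 value, or a server path under a temp or download directory, is what separates an ordinary shell-extension install from something worth pulling the DLL for.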