9ac2f6367e2403726214604b7479d54802de6e0962524f087808ca6fc2c94160

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/12/2023, 00:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9ac2f6367e2403726214604b7479d54802de6e0962524f087808ca6fc2c94160.dll
Size

366KB
MD5

8d310cd6f8e9df69b4431612293ddbde
SHA1

d2a4ddd4fd8cd49eb965292521b94a847acd0bf0
SHA256

9ac2f6367e2403726214604b7479d54802de6e0962524f087808ca6fc2c94160
SHA512

6653ada977e47d2c68906e08e2f20b50bb276c347536d074d4ac922e745d055cc2abd34eb9d26770c934a6ad579af228e9af65b6f0aca0e845beb9d472869014
SSDEEP

3072:6bPvTpVpA4NpX/wZW4w9bqbN/76J0KW1mTqMDQ+3kFKGNxL0pG587C1vD:YvTpVpNNpX/6W4w9bS/5XmTqu0FKG1xL

Score

1^/10

Malware Config

Signatures

Modifies registry class 17 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020021-0000-0000-C000-000000000046}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020000-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020000-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020003-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002000F-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020003-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002000D-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002000F-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020021-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020001-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020001-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020020-0000-0000-C000-000000000046}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020020-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002000D-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1616	1960	regsvr32.exe	90
PID 1960 wrote to memory of 1616	1960	regsvr32.exe	90
PID 1960 wrote to memory of 1616	1960	regsvr32.exe	90

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9ac2f6367e2403726214604b7479d54802de6e0962524f087808ca6fc2c94160.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9ac2f6367e2403726214604b7479d54802de6e0962524f087808ca6fc2c94160.dll
  2⤵
  - Modifies registry class
  PID:1616

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads