b302347f2193396023ac40f4544997a3549163de8e2b4eb61496d6f92f52dab0

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13e4138aeef587c039eb8afba2de4284.dll
Size

449KB
MD5

13e4138aeef587c039eb8afba2de4284
SHA1

9746a5e2736b6962beccd95a5b1d8da910797943
SHA256

b302347f2193396023ac40f4544997a3549163de8e2b4eb61496d6f92f52dab0
SHA512

b546d7bb03281a7cdcf839d06338b2e79214a4d6c92b4ba18627ac4cc9b94f3be96637988753152b8e8d084d2d1ff2250a60549587adeb12a344c674bef78a5d
SSDEEP

6144:yWIH1QSd9zIoBhWWUtjNcWqqqRywoei/ZNsuzZdQ0Sn6rU5nHrizG:f6/dFIkhy1HqqlwpWtzZdQz14S

Score

1^/10

Malware Config

Signatures

Modifies registry class 38 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A8792A31-F385-493C-A893-40F64EB45F6E}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6A96ED84-7C73-4480-9938-BF5AF477D426}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{482B05C0-4056-44ED-9E0F-5E23B009DA93}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{88E04DB3-1012-4D64-9996-F703A950D3F4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C8C6DBF-E3DC-4061-BECC-8542E810D126}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10ECE955-CF41-4728-BFA0-41EEDF1BBF19}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7F6D695C-03DF-4439-A809-59266BEEE3A6}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9DEACB80-11E8-40E3-A9F3-F557986A7845}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6A96ED84-7C73-4480-9938-BF5AF477D426}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C8C6DBF-E3DC-4061-BECC-8542E810D126}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A1567595-4C2F-4574-A6FA-ECEF917B9A40}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8878AC-D841-4D17-891C-E6829CDB6934}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{88E04DB3-1012-4D64-9996-F703A950D3F4}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C8C6DBF-E3DC-4061-BECC-8542E810D126}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A8792A31-F385-493C-A893-40F64EB45F6E}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7F6D695C-03DF-4439-A809-59266BEEE3A6}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{625E2DF8-6392-4CF0-9AD1-3CFA5F17775C}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10ECE955-CF41-4728-BFA0-41EEDF1BBF19}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8878AC-D841-4D17-891C-E6829CDB6934}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{625E2DF8-6392-4CF0-9AD1-3CFA5F17775C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A8792A31-F385-493C-A893-40F64EB45F6E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A8792A31-F385-493C-A893-40F64EB45F6E}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9DEACB80-11E8-40E3-A9F3-F557986A7845}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9DEACB80-11E8-40E3-A9F3-F557986A7845}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A1567595-4C2F-4574-A6FA-ECEF917B9A40}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{482B05C0-4056-44ED-9E0F-5E23B009DA93}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A8792A31-F385-493C-A893-40F64EB45F6E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10ECE955-CF41-4728-BFA0-41EEDF1BBF19}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7F6D695C-03DF-4439-A809-59266BEEE3A6}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6A96ED84-7C73-4480-9938-BF5AF477D426}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8878AC-D841-4D17-891C-E6829CDB6934}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{88E04DB3-1012-4D64-9996-F703A950D3F4}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A1567595-4C2F-4574-A6FA-ECEF917B9A40}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{482B05C0-4056-44ED-9E0F-5E23B009DA93}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{625E2DF8-6392-4CF0-9AD1-3CFA5F17775C}\ProxyStubClsid32	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 1868	2892	regsvr32.exe	16
PID 2892 wrote to memory of 1868	2892	regsvr32.exe	16
PID 2892 wrote to memory of 1868	2892	regsvr32.exe	16
PID 2892 wrote to memory of 1868	2892	regsvr32.exe	16
PID 2892 wrote to memory of 1868	2892	regsvr32.exe	16
PID 2892 wrote to memory of 1868	2892	regsvr32.exe	16
PID 2892 wrote to memory of 1868	2892	regsvr32.exe	16

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\13e4138aeef587c039eb8afba2de4284.dll
1⤵
- Modifies registry class
PID:1868

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\13e4138aeef587c039eb8afba2de4284.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1868-0-0x0000000075000000-0x0000000075074000-memory.dmp

Filesize
464KB

Download
memory/1868-2-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/1868-5-0x0000000000190000-0x00000000001B5000-memory.dmp

Filesize
148KB

Download
memory/1868-6-0x0000000000190000-0x00000000001B5000-memory.dmp

Filesize
148KB

Download
memory/1868-4-0x0000000075000000-0x0000000075074000-memory.dmp

Filesize
464KB

Download
memory/1868-3-0x0000000000190000-0x00000000001B5000-memory.dmp

Filesize
148KB

Download
memory/1868-1-0x0000000075000000-0x0000000075074000-memory.dmp

Filesize
464KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads