e45055b07b7bd92626b2e420ab4633e096714dc3da455423f11bc31148fd016e

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 23:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51f30024b29577760446aeababb52b3b.dll
Size

138KB
MD5

51f30024b29577760446aeababb52b3b
SHA1

518564ba6ce68cca43963f5ec56d0a6194ead1c6
SHA256

e45055b07b7bd92626b2e420ab4633e096714dc3da455423f11bc31148fd016e
SHA512

faa35003073d85a2b8d8e77ce75eafc49f23e80f017d72b9bb3f35ec6628fb429af4c2f344cd553a5d5cc649fa3facd2cf1a4841c8d8f5ff8f30823cc2154c0c
SSDEEP

3072:nniCKttdWakp6GzofLHP8QyiKUv5EjT5TDu4UxfdwQxPIOw:iCKttdakGwxxKUB4MdB

Score

1^/10

Malware Config

Signatures

Modifies registry class 25 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA9927A1-0467-44A5-81AD-2E60C06CC166}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\51f30024b29577760446aeababb52b3b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\pangccply.launchpangccply\Clsid\ = "{CA9927A1-0467-44A5-81AD-2E60C06CC166}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA9927A1-0467-44A5-81AD-2E60C06CC166}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77664D7E-12DE-46A2-AFCB-E3B8D5E70B1C}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77664D7E-12DE-46A2-AFCB-E3B8D5E70B1C}\1.0\ = "pangccply Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77664D7E-12DE-46A2-AFCB-E3B8D5E70B1C}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA9927A1-0467-44A5-81AD-2E60C06CC166}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA9927A1-0467-44A5-81AD-2E60C06CC166}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77664D7E-12DE-46A2-AFCB-E3B8D5E70B1C}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\pangccply.launchpangccply\ = "pangccply Control"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA9927A1-0467-44A5-81AD-2E60C06CC166}\Version\ = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77664D7E-12DE-46A2-AFCB-E3B8D5E70B1C}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77664D7E-12DE-46A2-AFCB-E3B8D5E70B1C}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77664D7E-12DE-46A2-AFCB-E3B8D5E70B1C}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA9927A1-0467-44A5-81AD-2E60C06CC166}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA9927A1-0467-44A5-81AD-2E60C06CC166}\ = "pangccply Control"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA9927A1-0467-44A5-81AD-2E60C06CC166}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\pangccply.launchpangccply\Clsid	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA9927A1-0467-44A5-81AD-2E60C06CC166}\ProgID\ = "pangccply.launchpangccply"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77664D7E-12DE-46A2-AFCB-E3B8D5E70B1C}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77664D7E-12DE-46A2-AFCB-E3B8D5E70B1C}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\51f30024b29577760446aeababb52b3b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA9927A1-0467-44A5-81AD-2E60C06CC166}\TypeLib\ = "{77664D7E-12DE-46A2-AFCB-E3B8D5E70B1C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77664D7E-12DE-46A2-AFCB-E3B8D5E70B1C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\pangccply.launchpangccply	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA9927A1-0467-44A5-81AD-2E60C06CC166}\ProgID	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 2292	1416	regsvr32.exe	14
PID 1416 wrote to memory of 2292	1416	regsvr32.exe	14
PID 1416 wrote to memory of 2292	1416	regsvr32.exe	14
PID 1416 wrote to memory of 2292	1416	regsvr32.exe	14
PID 1416 wrote to memory of 2292	1416	regsvr32.exe	14
PID 1416 wrote to memory of 2292	1416	regsvr32.exe	14
PID 1416 wrote to memory of 2292	1416	regsvr32.exe	14

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\51f30024b29577760446aeababb52b3b.dll
1⤵
- Modifies registry class
PID:2292

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\51f30024b29577760446aeababb52b3b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1416

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads