0436fd55a874ef3acf5a5ce382b8fd43014d39e5a59f788c4b4f66d943b48ad8

Analysis

max time kernel
135s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2024, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Anubis_Cracker_v1.2.1/mstscax.dll
Size

6.3MB
MD5

d2ecfeb7878010245ab8b3df577bb33a
SHA1

5c0fa6f27812731b2e69e9fa9b65fed6a9e5a6dd
SHA256

2ace1854323cd9a19a96f7b1eb079580afe480483b10bc5058a811207a5a455b
SHA512

575c68a58dd358afedae7c7bee12b1c23b906ed88dc5c0251e8d92343427dc335622bbb9ae665fc98f5e9b6238310c198421fddcbd5f93026b339103e3b40be5
SSDEEP

196608:uJ0gWhydrU/OHs3xJC5yhjm8w2ZlJalR2BhakBaevJp/4OnnlRCNtdIohyiiPPQo:+0gWhydrUmHs3xE0jm8w2XJs4BhakBaQ

Score

7^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1230201-1439-4E62-A414-190D0AC3D40E}\InProcServer32	regsvr32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{260EC22D-8CBC-44B5-9E88-2A37F6C93AE9}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{260EC22D-8CBC-44B5-9E88-2A37F6C93AE9}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1230206-9A39-4D58-8674-CDB4DFF4E73B}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B7ACC97-F3C9-46F7-8C5B-FA685D3441B1}\ProxyStubClsid32\ = "{A1230201-1439-4E62-A414-190D0AC3D40E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA326091-05FE-40C1-B49C-3D2EF4626A0E}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{a41a4187-5a86-4e26-b40a-856f9035d9cb}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1230201-1439-4E62-A414-190D0AC3D40E}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D3E07363-087C-476C-86A7-DBB15F46DDB4}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B7ACC97-F3C9-46F7-8C5B-FA685D3441B1}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{a41a4187-5a86-4e26-b40a-856f9035d9cb}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1230201-1439-4E62-A414-190D0AC3D40E}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D782928E-FE4E-4E77-AE90-9CD0B3E3B353}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{260EC22D-8CBC-44B5-9E88-2A37F6C93AE9}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C11EFA1-92C3-11D1-BC1E-00C04FA31489}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EAB16C5D-EED1-4E95-868B-0FBA1B42C092}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1230205-D6A7-11D8-B9FD-000BDBD1F198}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A6F4B83-45C5-4ca9-BDD9-0D81C12295E4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7390f3d8-0439-4c05-91e3-cf5cb290c3d0}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3523c2fb-4031-44e4-9a3b-f1e94986ee7f}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1230207-D6A7-11D8-B9FD-000BDBD1F198}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1230207-D6A7-11D8-B9FD-000BDBD1F198}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D3E07363-087C-476C-86A7-DBB15F46DDB4}\ = "IWTSPluginServiceProvider"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA326091-05FE-40C1-B49C-3D2EF4626A0E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54d38bf7-b1ef-4479-9674-1bd6ea465258}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7584c670-2274-4efb-b00b-d6aaba6d3850}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1230203-D6A7-11D8-B9FD-000BDBD1F198}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1230206-9A39-4D58-8674-CDB4DFF4E73B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54CE37E0-9834-41ae-9896-4DAB69DC022B}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{260EC22D-8CBC-44B5-9E88-2A37F6C93AE9}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{a9d7038d-b5ed-472e-9c47-94bea90a5910}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1230204-D6A7-11D8-B9FD-000BDBD1F198}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D782928E-FE4E-4E77-AE90-9CD0B3E3B353}\ProxyStubClsid32\ = "{A1230201-1439-4E62-A414-190D0AC3D40E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B7ACC97-F3C9-46F7-8C5B-FA685D3441B1}\NumMethods\ = "6"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6AE29350-321B-42be-BBE5-12FB5270C0DE}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54d38bf7-b1ef-4479-9674-1bd6ea465258}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{971127BB-259F-48c2-BD75-5F97A3331551}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5F681803-2900-4C43-A1CC-CF405404A676}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EAB16C5D-EED1-4E95-868B-0FBA1B42C092}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{260EC22D-8CBC-44B5-9E88-2A37F6C93AE9}\TypeLib\ = "{8C11EFA1-92C3-11D1-BC1E-00C04FA31489}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1230203-D6A7-11D8-B9FD-000BDBD1F198}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D3E07363-087C-476C-86A7-DBB15F46DDB4}\NumMethods\ = "4"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A6F4B83-45C5-4ca9-BDD9-0D81C12295E4}\ToolboxBitmap32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA326091-05FE-40C1-B49C-3D2EF4626A0E}\ProxyStubClsid32\ = "{A1230201-1439-4E62-A414-190D0AC3D40E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA326091-05FE-40C1-B49C-3D2EF4626A0E}\NumMethods\ = "4"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1230204-D6A7-11D8-B9FD-000BDBD1F198}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{260EC22D-8CBC-44B5-9E88-2A37F6C93AE9}\ = "IRemoteDesktopClientTouchPointer"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D3E07363-087C-476C-86A7-DBB15F46DDB4}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D782928E-FE4E-4E77-AE90-9CD0B3E3B353}\NumMethods\ = "4"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{260EC22D-8CBC-44B5-9E88-2A37F6C93AE9}\ = "IRemoteDesktopClientTouchPointer"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B7ACC97-F3C9-46F7-8C5B-FA685D3441B1}\ = "IWTSBitmapRenderer"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4EDCB26C-D24C-4e72-AF07-B576699AC0DE}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8C11EFA1-92C3-11D1-BC1E-00C04FA31489}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D782928E-FE4E-4E77-AE90-9CD0B3E3B353}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4EDCB26C-D24C-4e72-AF07-B576699AC0DE}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4eb2f086-c818-447e-b32c-c51ce2b30d31}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d2ea46a7-c2bf-426b-af24-e19c44456399}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7584c670-2274-4efb-b00b-d6aaba6d3850}\ToolboxBitmap32	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Anubis_Cracker_v1.2.1\mstscax.dll
1⤵
- Registers COM server for autorun
- Modifies registry class
PID:3436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads