669c707b92ef46bb56e385ba65e40650ab31927569f69a3bc8c3e0af56373ee1

Analysis

max time kernel
146s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 10:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

676ff4e5e85a9efc54e2c39f8ea3d9bd.dll
Size

28KB
MD5

676ff4e5e85a9efc54e2c39f8ea3d9bd
SHA1

12c5273d52f4aadedb13d067f5d837ac95678b06
SHA256

669c707b92ef46bb56e385ba65e40650ab31927569f69a3bc8c3e0af56373ee1
SHA512

25d503a3e6a7c7419703cbbc70fc454558cb0774295d12485ba6ba5003b6da139054dfb7177c06f0ea1efadb6e5488b0c5dd089dd3f502971d61b3c381c77f78
SSDEEP

192:x6V12UYDfIF3LSovO3IGAOHG4lH2rpmSFCfre1mlDkAjZy5MGlMf:x6V47jIlY3+GG4lWEDA5pqf

Score

1^/10

Malware Config

Signatures

Modifies registry class 62 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\VERSION	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86361AF8-E321-4845-A89A-6EC4A5DABC2D}\2.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\ = "_TVrunPeCls"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TVrunpe.TVrunPeCls	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\TypeLib\ = "{86361AF8-E321-4845-A89A-6EC4A5DABC2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\TypeLib\ = "{86361AF8-E321-4845-A89A-6EC4A5DABC2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86361AF8-E321-4845-A89A-6EC4A5DABC2D}\2.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\ = "_TVrunPeCls"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\ = "__TVrunPeCls"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86361AF8-E321-4845-A89A-6EC4A5DABC2D}\2.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\676ff4e5e85a9efc54e2c39f8ea3d9bd.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\ProxyStubClsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86361AF8-E321-4845-A89A-6EC4A5DABC2D}\2.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86361AF8-E321-4845-A89A-6EC4A5DABC2D}\2.0\ = "TVrunpe"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\TypeLib\ = "{86361AF8-E321-4845-A89A-6EC4A5DABC2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86361AF8-E321-4845-A89A-6EC4A5DABC2D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TVrunpe.TVrunPeCls\ = "TVrunpe.TVrunPeCls"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86361AF8-E321-4845-A89A-6EC4A5DABC2D}\2.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\ = "__TVrunPeCls"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\Implemented Categories	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86361AF8-E321-4845-A89A-6EC4A5DABC2D}\2.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\ = "TVrunPeCls"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\ = "TVrunPeCls"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\TypeLib\ = "{86361AF8-E321-4845-A89A-6EC4A5DABC2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\ProgID\ = "TVrunpe.TVrunPeCls"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\VERSION\ = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TVrunpe.TVrunPeCls\Clsid	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86361AF8-E321-4845-A89A-6EC4A5DABC2D}\2.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\TypeLib\ = "{86361AF8-E321-4845-A89A-6EC4A5DABC2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\ = "TVrunpe.TVrunPeCls"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\ProxyStubClsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TVrunpe.TVrunPeCls\Clsid\ = "{F04DFCB3-D769-49DB-B4DF-23E16E118247}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{910A2900-CB86-43DC-9BAF-0D38080612BD}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\676ff4e5e85a9efc54e2c39f8ea3d9bd.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F04DFCB3-D769-49DB-B4DF-23E16E118247}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9802D0D3-7198-45E3-A998-FEE673B6C104}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86361AF8-E321-4845-A89A-6EC4A5DABC2D}\2.0\0\win32	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 4764	1216	regsvr32.exe	88
PID 1216 wrote to memory of 4764	1216	regsvr32.exe	88
PID 1216 wrote to memory of 4764	1216	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\676ff4e5e85a9efc54e2c39f8ea3d9bd.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\676ff4e5e85a9efc54e2c39f8ea3d9bd.dll
  2⤵
  - Modifies registry class
  PID:4764

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads