3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll
Size

1.0MB
MD5

cc7916cc4d2a8043adccba82401dd169
SHA1

374273f6ed840f87f85ad915f612770af82dabf7
SHA256

3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b
SHA512

9cbc2297ec2a31b02c22aa1aa98a8ea1bf00829aef4b12d4049ae4ba82974341e8683a0e655dca45d9ddac7fae9de267a68fc336108e9fcf57ede49705097041
SSDEEP

6144:TAbQT+rY8tt9mJ3MNYtPB/zoquSJCpeOlORV8:TAW41/G7B/zPuSa

Score

7^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 24 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927E938}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FAA4}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FCC4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FCC4}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF92}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF92}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF94}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FBB4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FBB4}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FDD4}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927F974}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927E938}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927E938}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF94}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FAA4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FCC4}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FBB4}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FDD4}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF92}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF94}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FAA4}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FDD4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927F974}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927F974}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FF94}\FriendlyName = "vMix Video External 2 YV12"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FBB4}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927F974}\ = "vMix Video External 2"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927F974}\FriendlyName = "vMix Video External 2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF92}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF94}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FAA4}\FriendlyName = "vMix Video External 3"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FDD4}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FDD4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927F974}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927E938}\ = "vMix Video"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FAA4}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927E938}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b7100000000000000000000000000000000	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF92}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FBB4}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927E938}	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FF92}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b7100000000000000000000000000000000	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FF94}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b7100000000000000000000000000000000	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FDD4}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FDD4}\FriendlyName = "vMix Video External 4 YV12"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927F974}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927F974}\CLSID = "{8E14549A-DB61-4309-AFA1-3578E927F974}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927E938}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927E938}\CLSID = "{8E14549A-DB61-4309-AFA1-3578E927E938}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF92}\ = "vMix Video YV12"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FF92}	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FDD4}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b7100000000000000000000000000000000	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF92}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF94}\ = "vMix Video External 2 YV12"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF94}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FAA4}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FDD4}\ = "vMix Video External 4 YV12"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FF92}\FriendlyName = "vMix Video YV12"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FF92}\CLSID = "{8E14549A-DB61-4309-AFA1-3578E927FF92}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FAA4}\CLSID = "{8E14549A-DB61-4309-AFA1-3578E927FAA4}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FCC4}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FCC4}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FCC4}\CLSID = "{8E14549A-DB61-4309-AFA1-3578E927FCC4}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FDD4}\CLSID = "{8E14549A-DB61-4309-AFA1-3578E927FDD4}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF92}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FCC4}	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FCC4}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b7100000000000000000000000000000000	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FBB4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FBB4}\CLSID = "{8E14549A-DB61-4309-AFA1-3578E927FBB4}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FDD4}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927F974}\InprocServer32	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927F974}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b7100000000000000000000000000000000	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FAA4}\ = "vMix Video External 3"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FCC4}\ = "vMix Video External 4"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FCC4}\FriendlyName = "vMix Video External 4"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF94}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FF94}\CLSID = "{8E14549A-DB61-4309-AFA1-3578E927FF94}"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FAA4}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b7100000000000000000000000000000000	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FBB4}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FBB4}\ = "vMix Video External 3 YV12"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FBB4}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b7100000000000000000000000000000000	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927F974}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FF94}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927FCC4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{8E14549A-DB61-4309-AFA1-3578E927FBB4}\FriendlyName = "vMix Video External 3 YV12"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E14549A-DB61-4309-AFA1-3578E927E938}\InprocServer32	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b.dll
1⤵
- Registers COM server for autorun
- Modifies registry class
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads