e1418e308b2444137e5909a1c39506cf5faf302d2df8eceb3d267b5e2c77ade6

Analysis

max time kernel
93s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 03:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

961703b5d8c1a01b8d1b11658793b541.dll
Size

517KB
MD5

961703b5d8c1a01b8d1b11658793b541
SHA1

d6fd9b891785f996a84b6d9dca5012f96f45e742
SHA256

e1418e308b2444137e5909a1c39506cf5faf302d2df8eceb3d267b5e2c77ade6
SHA512

7e597b880fbe5e61a58d83b6f9c1557eeb6765e24524be519b02e2e08f511f1182b2f5b02afaf6b1cf969b8c16cf5bf8ba97f676715dfc9e11ecf2ab0e417d48
SSDEEP

12288:47EaJcOEd2MqmW0Uj8C652ewOTXizFGUa2Sz0T:v8cNCmW0xT5iciw0

Score

1^/10

Malware Config

Signatures

Modifies registry class 53 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}\TypeLib\ = "{6F9DB588-66C5-4904-A2C7-423961358E8C}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}\ = "IFlFixerEvents"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\961703b5d8c1a01b8d1b11658793b541.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}\ProgID\ = "FlFxr3.FlFixer3"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlFxr3.FlFixer3\ = "FlFixer Object"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}\1.0\ = "FlFxr3 Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}\ = "IFlFixer"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\961703b5d8c1a01b8d1b11658793b541.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}\ = "IFlFixer"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}\ = "FlFixer Object"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}\TypeLib\ = "{6F9DB588-66C5-4904-A2C7-423961358E8C}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}\TypeLib\ = "{6F9DB588-66C5-4904-A2C7-423961358E8C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}\Version\ = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlFxr3.FlFixer3\Clsid\ = "{72D597C4-2312-4116-BED4-4F9A2B2F710E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlFxr3.FlFixer3	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}\ = "IFlFixerEvents"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}\TypeLib\ = "{6F9DB588-66C5-4904-A2C7-423961358E8C}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}\TypeLib\ = "{6F9DB588-66C5-4904-A2C7-423961358E8C}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlFxr3.FlFixer3\Clsid	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 3060	3452	regsvr32.exe	85
PID 3452 wrote to memory of 3060	3452	regsvr32.exe	85
PID 3452 wrote to memory of 3060	3452	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\961703b5d8c1a01b8d1b11658793b541.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\961703b5d8c1a01b8d1b11658793b541.dll
  2⤵
  - Modifies registry class
  PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3060-0-0x0000000000920000-0x00000000009A6000-memory.dmp

Filesize
536KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads