a307cf218a6888ff6e5f44ec8d1ccda6a8a63e62d82d9aa2b857729a1661d5c6

Analysis

max time kernel
94s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a307cf218a6888ff6e5f44ec8d1ccda6a8a63e62d82d9aa2b857729a1661d5c6.dll
Size

366KB
MD5

9bfdd3f275ee791fd70552fac1af59db
SHA1

84da69af5dd9946c6208d5f59b583db5afe09dfc
SHA256

a307cf218a6888ff6e5f44ec8d1ccda6a8a63e62d82d9aa2b857729a1661d5c6
SHA512

33d81582801440fff5bb8e3b604cd333b7ccdd797df4aa0969d8b9674eb17f003b342e5fcf021d6bfcc41721b590fb857733652b369529f9d32ce2b9b87618e0
SSDEEP

3072:vbPvTpVpA4NpX/wZW4w9bqbN/76J0KW1mCqMDQ+3kFKGNxL0pG587C1vD:bvTpVpNNpX/6W4w9bS/5XmCqu0FKG1xL

Score

1^/10

Malware Config

Signatures

Modifies registry class 17 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020021-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002000D-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020000-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002000F-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020021-0000-0000-C000-000000000046}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020003-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020003-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002000D-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020020-0000-0000-C000-000000000046}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020020-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020000-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020001-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020001-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002000F-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 1996	2608	regsvr32.exe	85
PID 2608 wrote to memory of 1996	2608	regsvr32.exe	85
PID 2608 wrote to memory of 1996	2608	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a307cf218a6888ff6e5f44ec8d1ccda6a8a63e62d82d9aa2b857729a1661d5c6.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a307cf218a6888ff6e5f44ec8d1ccda6a8a63e62d82d9aa2b857729a1661d5c6.dll
  2⤵
  - Modifies registry class
  PID:1996

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads