77efe94379d8e5850b21dfd5af81eee17b6975a39fd0a060366e78f86d91fa73

General

Target

VGX.dll
Size

1010KB
MD5

7cf6d2b827d9985c4e4fcabc17924a8a
SHA1

27fdb61f7082a7402ea246fd45caf7d17b82e227
SHA256

77efe94379d8e5850b21dfd5af81eee17b6975a39fd0a060366e78f86d91fa73
SHA512

792012137c6fb3fa52fb1ada3d02a0b103076c30123b89c02c6100a904dff52b93493cde1d2560e265be528ea49edeb036b1175fccbd778bf98ca03718183156
SSDEEP

12288:XYZvK1lW0pLtTiM2skbZsVSV8tQemtCPDIXgVVS8WhQhTqqij8Vy:oXaViM4SVSVOIt7gC3+TTL

Score

7^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\VGX.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\InprocServer32	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\VML = "1.0"	regsvr32.exe

Modifies registry class 27 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\ = "PeerDraw Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\Implemented Categories	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\VersionIndependentProgID\ = "PeerDraw.PeerDraw"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\Implemented Categories	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PeerDraw.PeerDraw.1\ = "PeerDraw Class"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\VGX.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\ProgID\ = "PeerDraw.PeerDraw.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\InprocServer32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\ProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PeerDraw.PeerDraw.1\CLSID\ = "{10072CEC-8CC1-11D1-986E-00A0C955B42E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\VersionIndependentProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\Component Categories	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PeerDraw.PeerDraw\ = "PeerDraw Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PeerDraw.PeerDraw\CurVer\ = "PeerDraw.PeerDraw.1"	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\VGX.dll
1⤵
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
PID:4152