Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/03/2024, 08:05

General

  • Target

    c81ee910e630d60c94cc2052240b57e0.dll

  • Size

    168KB

  • MD5

    c81ee910e630d60c94cc2052240b57e0

  • SHA1

    4e4502ba390898e0f2cf158f4a5cc4fe2a0eefaf

  • SHA256

    1b04a8b971c4a85d638a5715613ba9762a2cf982ed92a1ac6f388ad543e47b17

  • SHA512

    aa2d7012c68ebbc8f4dd1e5ea2c707887ebd0dd6dc25f40274e4360deddecb47c3179b258cdd967f6aa6df80e043748dfbeaa802a6ae961a21dd01dffcf80b12

  • SSDEEP

    1536:KPKmIIVFqCjHy6qdJXk0o8DHTftzrL/ti2MSGVjUf+N7ofVHfZ6dyD4s:KnIGqC+JU0PDztcjUf+7ofV/4oD

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 31 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c81ee910e630d60c94cc2052240b57e0.dll
    1
    • Suspicious use of WriteProcessMemory
    PID:4532
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\c81ee910e630d60c94cc2052240b57e0.dll
      2
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:224

Network

MITRE ATT&CK Enterprise v15
