Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-03-2024 18:23

General

  • Target

    dc4e3915bf391a50d42e592d62b0d9c9.dll

  • Size

    636KB

  • MD5

    dc4e3915bf391a50d42e592d62b0d9c9

  • SHA1

    9fe8f6579a2e35a4ffa3a2650d86666a0b8dfddb

  • SHA256

    10ad0e46cb44c3b9bca4f20a53737952b1bf6511dbed8a76f60ca978c90b8153

  • SHA512

    5e1e4a9330a908282ac4bad66b6116d32514f15313abb37b2b6baba25f23cc56b599f2137ee4090e2bedab9b689a3322bf70188a5e7c7f8909bba3bfd0728a64

  • SSDEEP

    12288:sM0t9FNcxDMmfrLAF8rZIRf2MmsX4e6AQ8eaeiRh5/fO79s:8tjNcXnVInv4e3PeaeGhR

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dc4e3915bf391a50d42e592d62b0d9c9.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4984
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\dc4e3915bf391a50d42e592d62b0d9c9.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:4880
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4116 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2684

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads