Malware Analysis Report

2025-03-14 22:36

Sample ID 240406-sdj8rsdd93
Target 12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387
SHA256 12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387
Tags
persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387

Threat Level: Shows suspicious behavior

The file 12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387 was found to show suspicious behavior.

Malicious Activity Summary

persistence

Registers COM server for autorun

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 15:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 15:00

Reported

2024-04-06 15:03

Platform

win7-20240221-en

Max time kernel

119s

Max time network

129s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll

Signatures

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\Version C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\TypeLib\ = "{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\ProgID\ = "My64Class.math.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\Programmable C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\VersionIndependentProgID\ = "My64Class.math" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\Version\ = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\FLAGS\ = "0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\0\win32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math.1\CLSID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\ = "My64Class Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib\ = "{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math.1\ = "My64Class Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\Version C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib\ = "{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\ = "my64Lib" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\TypeLib\ = "{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\ProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\0 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ = "IMy64Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math\CurVer C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\Version\ = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math.1\CLSID\ = "{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math\ = "My64Class Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math\CurVer\ = "My64Class.math.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\ = "CompReg Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\HELPDIR C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ = "IMy64Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\FLAGS C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math.1 C:\Windows\system32\regsvr32.exe N/A

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll

Network

N/A

Files

memory/1948-0-0x000007FEF5E40000-0x000007FEF6249000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 15:00

Reported

2024-04-06 15:03

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

152s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll

Signatures

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\Programmable C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib\ = "{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\Version\ = "1.0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\0\win32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ = "IMy64Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math\CurVer C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\FLAGS\ = "0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\Version C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\Version\ = "1.0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\0 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\ProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\VersionIndependentProgID\ = "My64Class.math" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\TypeLib\ = "{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\ = "CompReg Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\ProgID\ = "My64Class.math.1" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\ = "My64Class Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math.1\CLSID\ = "{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ = "IMy64Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib\ = "{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math.1 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\Version C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math\CurVer\ = "My64Class.math.1" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math\ = "My64Class Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math.1\ = "My64Class Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\TypeLib\ = "{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\FLAGS C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math.1\CLSID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\ = "my64Lib" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\HELPDIR C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\TypeLib C:\Windows\system32\regsvr32.exe N/A

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 83.211.222.173.in-addr.arpa udp

Files

memory/2124-0-0x00007FFEF7DC0000-0x00007FFEF81C9000-memory.dmp