Overview
overview
6Static
static
3ASYCFILT.dll
windows7-x64
1ASYCFILT.dll
windows10-2004-x64
1AUTORUN.exe
windows7-x64
1AUTORUN.exe
windows10-2004-x64
1BYDS.exe
windows7-x64
6BYDS.exe
windows10-2004-x64
6COMCAT.dll
windows7-x64
1COMCAT.dll
windows10-2004-x64
1DAO350.dll
windows7-x64
1DAO350.dll
windows10-2004-x64
1DBGRDCHS.dll
windows7-x64
1DBGRDCHS.dll
windows10-2004-x64
1DBGRID32.dll
windows7-x64
1DBGRID32.dll
windows10-2004-x64
1MCI32.dll
windows7-x64
1MCI32.dll
windows10-2004-x64
1MCICHS.dll
windows7-x64
1MCICHS.dll
windows10-2004-x64
1MSCC2CHS.dll
windows7-x64
1MSCC2CHS.dll
windows10-2004-x64
1MSCMCCHS.dll
windows7-x64
1MSCMCCHS.dll
windows10-2004-x64
1MSCOMCT2.dll
windows7-x64
1MSCOMCT2.dll
windows10-2004-x64
1MSCOMCTL.dll
windows7-x64
1MSCOMCTL.dll
windows10-2004-x64
1MSJET35.dll
windows7-x64
1MSJET35.dll
windows10-2004-x64
1MSJINT35.dll
windows7-x64
1MSJINT35.dll
windows10-2004-x64
1MSJTER35.dll
windows7-x64
1MSJTER35.dll
windows10-2004-x64
1Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
20-04-2024 08:15
Static task
static1
Behavioral task
behavioral1
Sample
ASYCFILT.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral2
Sample
ASYCFILT.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
AUTORUN.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral4
Sample
AUTORUN.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
BYDS.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
BYDS.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
COMCAT.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral8
Sample
COMCAT.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
DAO350.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
DAO350.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
DBGRDCHS.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
DBGRDCHS.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
DBGRID32.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
DBGRID32.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
MCI32.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral16
Sample
MCI32.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
MCICHS.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral18
Sample
MCICHS.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
MSCC2CHS.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
MSCC2CHS.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
MSCMCCHS.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral22
Sample
MSCMCCHS.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
MSCOMCT2.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
MSCOMCT2.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
MSCOMCTL.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
MSCOMCTL.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
MSJET35.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral28
Sample
MSJET35.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
MSJINT35.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
MSJINT35.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
MSJTER35.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
MSJTER35.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
MSCOMCT2.dll
-
Size
632KB
-
MD5
c1b4af41a0370e4081d59ac99bcc929d
-
SHA1
c0c55de97f41a24bf50b2d08eb428371bb4a3cce
-
SHA256
2b7a1f905486736eda8b51add1bc2590c2a6d9d5a9ab7565335d989f39c0eb8e
-
SHA512
0bb987af80ab3b598f2d3008a6005484d2d4d082958e757aed3fd1cd5cca543f02d7b475e2c030e28e320d327dce4b4009894f51b7ab8f03acf54314d86d38b4
-
SSDEEP
12288:qxxeCsfuxdH8ZOlK/kV99RWiVwyzgAQk9yjWy6OcjKN7jsUseUbQ/D5v:qxUCwwd7T9fWQgAQkEjyOcjKJsUseuQF
Malware Config
Signatures
-
Modifies registry class 64 IoCs
Processes:
regsvr32.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\Version\ = "2.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{603C7E7F-87C2-11D1-8BE3-0000F8754DA1}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}\ = "DDTPickerEvents" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\MiscStatus\1 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\MiscStatus\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.Animation.2 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSCOMCT2.dll, 5" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.DTPicker.2 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ = "IVBDataObjectFiles" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ = "IVBDataObjectFiles" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{603C7E7E-87C2-11D1-8BE3-0000F8754DA1} regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSCOMCT2.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B09DE713-87C1-11D1-8BE3-0000F8754DA1}\ = "IAnimation" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.MonthView.2\ = "Microsoft MonthView Control 6.0 (SP4)" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\Programmable regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B09DE713-87C1-11D1-8BE3-0000F8754DA1} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE387538-44A3-11D1-B5B7-0000C09000C4} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{603C7E7F-87C2-11D1-8BE3-0000F8754DA1} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE387538-44A3-11D1-B5B7-0000C09000C4}\ = "IFlatSB" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.UpDown\CurVer\ = "MSComCtl2.UpDown.2" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}\TypeLib\Version = "2.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{603C7E7F-87C2-11D1-8BE3-0000F8754DA1}\TypeLib\Version = "2.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}\TypeLib\ = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{232E4569-87C3-11D1-8BE3-0000F8754DA1}\ = "DMonthViewEvents" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20DD1B9B-87C4-11D1-8BE3-0000F8754DA1}\ = "IDTPicker" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE387539-44A3-11D1-B5B7-0000C09000C4}\ = "DFlatSBEvents" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\ = "UpDown Buddy Property Page Object" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\Programmable regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.FlatScrollBar\ = "Microsoft Flat Scrollbar Control 6.0 (SP4)" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "2.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{603C7E7F-87C2-11D1-8BE3-0000F8754DA1}\ProxyStubClsid32 regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{232E4569-87C3-11D1-8BE3-0000F8754DA1}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\ProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{603C7E7E-87C2-11D1-8BE3-0000F8754DA1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\MiscStatus\1\ = "131473" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B09DE713-87C1-11D1-8BE3-0000F8754DA1}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE387538-44A3-11D1-B5B7-0000C09000C4}\TypeLib\ = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\VersionIndependentProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.DTPicker\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{232E4569-87C3-11D1-8BE3-0000F8754DA1}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE387539-44A3-11D1-B5B7-0000C09000C4}\TypeLib\Version = "2.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\VersionIndependentProgID\ = "MSComCtl2.UpDown" regsvr32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
regsvr32.exedescription pid process target process PID 1736 wrote to memory of 1492 1736 regsvr32.exe regsvr32.exe PID 1736 wrote to memory of 1492 1736 regsvr32.exe regsvr32.exe PID 1736 wrote to memory of 1492 1736 regsvr32.exe regsvr32.exe