7905df7457eea6b6c6d9f521a587121dd2bf5737d9b62454f7e6473fe7cddf21

Resubmissions

27-04-2024 22:49

240427-2rth2aad39 10

27-04-2024 22:47

240427-2qnamaac87 3

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iasnap/mfds.dll
Size

940KB
MD5

2555ca538cfa951b193896509b847730
SHA1

11d95c5d4f1836db092632e9a84a36a5b80563e9
SHA256

8c965bae549766b7fa4b9d9c7e56a729abc5474484efe94663b3c8bfd0429719
SHA512

2d0606b9fa6b9bdcbab1ed000af9df3369eb3a260014d3b3fa2fc407568d1729eb85af8117f8fd2bb354d4cfeb32382217ebccc3b2019aec4e9e1a5ec0061ec4
SSDEEP

24576:1jNufeKFyo5zYINB2USKfkTInCyVNImtGQty:1jNufeKFyUzYIWZSkTMJt3ty

Score

7^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{eb4d075a-65c0-476b-956c-c605eade03f7}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f792beee-aeaf-4ebb-ab14-8bc5c8c695a8}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0344ec28-5339-4124-a186-2e8eef168785}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{743a6e3b-a5df-43ed-b615-4256add790b8}\InprocServer32	regsvr32.exe

Modifies registry class 8 IoCs

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F792BEEE-AEAF-4EBB-AB14-8BC5C8C695A8}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f792beee-aeaf-4ebb-ab14-8bc5c8c695a8}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0344EC28-5339-4124-A186-2E8EEF168785}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0344ec28-5339-4124-a186-2e8eef168785}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{743A6E3B-A5DF-43ED-B615-4256ADD790B8}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{743a6e3b-a5df-43ed-b615-4256add790b8}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EB4D075A-65C0-476B-956C-C605EADE03F7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{eb4d075a-65c0-476b-956c-c605eade03f7}\InprocServer32	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\iasnap\mfds.dll
1⤵
- Registers COM server for autorun
- Modifies registry class
PID:4204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads