ade09ff1a61d79064a4434d7e34820ead1a174867012373367dece0a4593d932 | Triage

Analysis

max time kernel
140s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 05:30

Sharing

Report Analysis Logs

General

Target

iasacct.dll
Size

64KB
MD5

03889d40f469fa8c50d85ad94f43a27c
SHA1

33c5f084b9f77dd36f182a024d52694692b7aa73
SHA256

ade09ff1a61d79064a4434d7e34820ead1a174867012373367dece0a4593d932
SHA512

46989d6c57fd57e0c88943d2623487c594992fb0f48fdb360eff74ba8b8563f87ffda8d774a9bdcaa19b470df6bc53a2a07aabf21ca28c918aa0d558be7a581f
SSDEEP

1536:xmWzTp+Juig/HrHBDZ4xrtMcucv3jAZndEilNgfQKOw7:IWzTpai/7B9Wt9uuzidEilCfQKL7

Score

1^/10

Malware Config

Signatures

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6BC096B8-0CE6-11D1-BAAE-00C04FC2E20D}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6BC096B7-0CE6-11D1-BAAE-00C04FC2E20D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6BC096B7-0CE6-11D1-BAAE-00C04FC2E20D}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6BC096B7-0CE6-11D1-BAAE-00C04FC2E20D}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6BC096B7-0CE6-11D1-BAAE-00C04FC2E20D}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6BC096B8-0CE6-11D1-BAAE-00C04FC2E20D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6BC096B8-0CE6-11D1-BAAE-00C04FC2E20D}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6BC096B8-0CE6-11D1-BAAE-00C04FC2E20D}\Programmable	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 3108	1824	regsvr32.exe	83
PID 1824 wrote to memory of 3108	1824	regsvr32.exe	83
PID 1824 wrote to memory of 3108	1824	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\iasacct.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\iasacct.dll
  2⤵
  - Modifies registry class
  PID:3108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads