9fcfd0eaa4c4f8f1a3a80274a6d091650214fa68de026fb7ad0629135d4e9b16

Analysis

max time kernel
132s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PaymentMediatorServiceProxy.dll
Size

15KB
MD5

f8f9d5cae7223d92361592ed0e2da848
SHA1

bf3d2eeb2704004f947f83946d3a06f78cfba856
SHA256

9fcfd0eaa4c4f8f1a3a80274a6d091650214fa68de026fb7ad0629135d4e9b16
SHA512

4c46dc6ec77d7816b82780a2e4b2959c69671e19f985c0afc6144c77ec2c1b4ea8c9608f6896b45366f96e6d340ca2e476b624ef6f66e40a264fa5f6c55c536e
SSDEEP

192:svLj+HPBfK/M1eGJqcyzYJ5PIz71+e5AfORGOJp3IrWr1EecDW5fW:CL6v1xJqc+4P61+eM/QpTrvcDW5fW

Score

1^/10

Malware Config

Signatures

Modifies registry class 19 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2059FAE-78B6-4849-905D-DE33791CFFE1}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0DF5C6B-249C-4FE8-9377-281E25DE200D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\WOW6432Node\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4AAACE14-F87C-4E24-BCA9-ED34827A1F7A}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2059FAE-78B6-4849-905D-DE33791CFFE1}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EEB6DB15-8672-4666-8CB9-E8FFEE1D7166}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2059FAE-78B6-4849-905D-DE33791CFFE1}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E1AEEF9C-EA3A-46C6-AA0C-6CC89D7C7698}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0DF5C6B-249C-4FE8-9377-281E25DE200D}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4AAACE14-F87C-4E24-BCA9-ED34827A1F7A}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EEB6DB15-8672-4666-8CB9-E8FFEE1D7166}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E1AEEF9C-EA3A-46C6-AA0C-6CC89D7C7698}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4AAACE14-F87C-4E24-BCA9-ED34827A1F7A}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EEB6DB15-8672-4666-8CB9-E8FFEE1D7166}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E1AEEF9C-EA3A-46C6-AA0C-6CC89D7C7698}\ProxyStubClsid32	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 3708	5032	regsvr32.exe	82
PID 5032 wrote to memory of 3708	5032	regsvr32.exe	82
PID 5032 wrote to memory of 3708	5032	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\PaymentMediatorServiceProxy.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\PaymentMediatorServiceProxy.dll
  2⤵
  - Modifies registry class
  PID:3708

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads