6ce7ec2147d4f3745cf3965b802a54328999d9e63e4a2680bf3e61236757b21f | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:51

Sharing

Report Analysis Logs

General

Target

bitsprx3.dll
Size

10KB
MD5

27169cc385259a89c0a29a317b419fb2
SHA1

ee9f4f371c595dbcaf75f037b46a9277ae2db1d9
SHA256

6ce7ec2147d4f3745cf3965b802a54328999d9e63e4a2680bf3e61236757b21f
SHA512

c59aa846b06667ddf8fdd2eb7baab0f20428a80ce585be802a2e8ebdbbe836c544edfb704edc988d6af5839fd4a5fd8fc2e2e751909affc979e1cb4658097ed1
SSDEEP

192:bPmRJwKcqGYnAMtbANixu95OVT6r6A4LDWNs0W+gd1:LeZcqxA22p5OV+OWNs0W+Q

Score

1^/10

Malware Config

Signatures

Modifies registry class 13 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83E81B93-0873-474D-8A8C-F2018B1A939C}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\WOW6432Node\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{443C8934-90FF-48ED-BCDE-26F5C7450042}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{443C8934-90FF-48ED-BCDE-26F5C7450042}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83E81B93-0873-474D-8A8C-F2018B1A939C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83E81B93-0873-474D-8A8C-F2018B1A939C}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{443C8934-90FF-48ED-BCDE-26F5C7450042}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{443C8934-90FF-48ED-BCDE-26F5C7450042}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{443C8934-90FF-48ED-BCDE-26F5C7450042}	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 644	1304	regsvr32.exe	82
PID 1304 wrote to memory of 644	1304	regsvr32.exe	82
PID 1304 wrote to memory of 644	1304	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bitsprx3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\bitsprx3.dll
  2⤵
  - Modifies registry class
  PID:644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads