51c3d12efd1854edf7e102160573aa3a94e437afa22aa937e818a461c4e9d833

Analysis

max time kernel
140s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 06:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dmcompos.dll
Size

72KB
MD5

e753fb375e37566e73dfaed64385c56a
SHA1

be28de9443add0d00e89e36be364c7b28b7e68c5
SHA256

51c3d12efd1854edf7e102160573aa3a94e437afa22aa937e818a461c4e9d833
SHA512

bc3e47d339f9ecc8c704444c36e1399a6423bd3393da72aceaa5178ab7891c7b73e48faa3187ad9b9d4fdfb531f126c71db27c3422dd4581d572dbae12325011
SSDEEP

1536:1e+ptvstuftXthWjCl4pWHj15T1uGfLjBvUAsZu563x5vcLHQKotQU5swNiOs/RP:0atvst6tXthWjCl4cHj15T1uGfLjBvUi

Score

1^/10

Malware Config

Signatures

Modifies registry class 61 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMap.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2AC288F-B39B-11D1-8704-00600893B1BD}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicSignPostTrack\CurVer\ = "Microsoft.DirectMusicSignPostTrack.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicTemplate.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F17E8672-C3B4-11D1-870B-00600893B1BD}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicSignPostTrack\ = "DirectMusicSignPostTrack"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMapTrack	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMap.1\ = "DirectMusicChordMap"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicComposer.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F17E8672-C3B4-11D1-870B-00600893B1BD}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2AC2896-B39B-11D1-8704-00600893B1BD}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2AC2896-B39B-11D1-8704-00600893B1BD}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMap.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2AC2890-B39B-11D1-8704-00600893B1BD}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicComposer\ = "DirectMusicComposer"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicSignPostTrack.1\ = "DirectMusicSignPostTrack"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMap\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicComposer.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D30BCC65-60E8-11D1-A7CE-00A0C913F73C}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2AC2896-B39B-11D1-8704-00600893B1BD}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMapTrack.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMapTrack.1\ = "DirectMusicChordMapTrack"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2AC288F-B39B-11D1-8704-00600893B1BD}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2AC288F-B39B-11D1-8704-00600893B1BD}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicTemplate\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicTemplate.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMapTrack.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMap\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicComposer.1\ = "DirectMusicComposer"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D30BCC65-60E8-11D1-A7CE-00A0C913F73C}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D30BCC65-60E8-11D1-A7CE-00A0C913F73C}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicTemplate.1\ = "DirectMusicTemplate"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMapTrack\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMapTrack\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMap\ = "DirectMusicChordMap"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2AC2890-B39B-11D1-8704-00600893B1BD}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicComposer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicComposer\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicComposer\CurVer\ = "Microsoft.DirectMusicComposer.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicTemplate\ = "DirectMusicTemplate"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D30BCC65-60E8-11D1-A7CE-00A0C913F73C}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicTemplate\CurVer\ = "Microsoft.DirectMusicTemplate.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMapTrack\ = "DirectMusicChordMapTrack"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2AC288F-B39B-11D1-8704-00600893B1BD}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F17E8672-C3B4-11D1-870B-00600893B1BD}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMapTrack\CurVer\ = "Microsoft.DirectMusicChordMapTrack.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMap	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicChordMap\CurVer\ = "Microsoft.DirectMusicChordMap.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicComposer\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicTemplate	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicSignPostTrack	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicSignPostTrack\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicSignPostTrack\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2AC2890-B39B-11D1-8704-00600893B1BD}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicTemplate\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F17E8672-C3B4-11D1-870B-00600893B1BD}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicSignPostTrack.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectMusicSignPostTrack.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2AC2890-B39B-11D1-8704-00600893B1BD}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2AC2896-B39B-11D1-8704-00600893B1BD}\ProgID	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 3112	400	regsvr32.exe	83
PID 400 wrote to memory of 3112	400	regsvr32.exe	83
PID 400 wrote to memory of 3112	400	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dmcompos.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:400
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\dmcompos.dll
  2⤵
  - Modifies registry class
  PID:3112

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads