5fa200c758855587d703901ec66da24bedfff1c1ae4102cfbfa762107de1a1dc

Analysis

max time kernel
131s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Chakra.dll
Size

5.8MB
MD5

470870f4ae21f36f0e9a12446826ff6b
SHA1

10f90ce9fbe5824b54705796186f51b7fcbb1b2c
SHA256

5fa200c758855587d703901ec66da24bedfff1c1ae4102cfbfa762107de1a1dc
SHA512

f575194c80ed438dbb892d8fcbd4c6f5717bda28b09da9df28d0239ec74be2f4ac9206cad7ce224ab59b7a1696cb3b6e6334e0ba882b6a1f8dffe9f5d1c4e9dc
SSDEEP

98304:exJLXw63XZZsMPtKeHryVy1W94yyL4pc:exJLXw63XZxLLCy1wY4u

Score

1^/10

Malware Config

Signatures

Modifies registry class 28 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{337448ee-2a70-43f7-99f9-40f2857950b9}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E5B35059-A1BE-4977-9BEE-5C44226340F7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1b7cd997-e5ff-4932-a7a6-2a9e636da385}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B7CD997-E5FF-4932-A7A6-2A9E636DA385}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B7CD997-E5FF-4932-A7A6-2A9E636DA385}\Implemented Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1b7cd997-e5ff-4932-a7a6-2a9e636da385}\Implemented Categories	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\WOW6432Node\CLSID\{337448ee-2a70-43f7-99f9-40f2857950b9} = "JavaScript Language"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5B35059-A1BE-4977-9BEE-5C44226340F7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1b7cd997-e5ff-4932-a7a6-2a9e636da385}\OLEScript	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B7CD997-E5FF-4932-A7A6-2A9E636DA385}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e5b35059-a1be-4977-9bee-5c44226340f7}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{337448ee-2a70-43f7-99f9-40f2857950b9}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{e5b35059-a1be-4977-9bee-5c44226340f7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{e5b35059-a1be-4977-9bee-5c44226340f7}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1b7cd997-e5ff-4932-a7a6-2a9e636da385}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B7CD997-E5FF-4932-A7A6-2A9E636DA385}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\WOW6432Node\CLSID\{1b7cd997-e5ff-4932-a7a6-2a9e636da385} = "JavaScript Language"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\WOW6432Node\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{e5b35059-a1be-4977-9bee-5c44226340f7}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{337448ee-2a70-43f7-99f9-40f2857950b9}\OLEScript	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e5b35059-a1be-4977-9bee-5c44226340f7}	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 1872	4840	regsvr32.exe	82
PID 4840 wrote to memory of 1872	4840	regsvr32.exe	82
PID 4840 wrote to memory of 1872	4840	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Chakra.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\Chakra.dll
  2⤵
  - Modifies registry class
  PID:1872

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads