1a80279b1f972aedb2b1010991f9c5ab7e7526deb2be69e70b88e820fb657e8b

Analysis

max time kernel
150s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a80279b1f972aedb2b1010991f9c5ab7e7526deb2be69e70b88e820fb657e8b.dll
Size

805KB
MD5

24a3d00823ecc6a53769a767775c7adb
SHA1

5e4702133bf0751b8b205c5282afd9bf86e09605
SHA256

1a80279b1f972aedb2b1010991f9c5ab7e7526deb2be69e70b88e820fb657e8b
SHA512

25ca8085f6f9cf5ec8b3d87af62381bfd9ecd209a634a95b3d4f9e63c6e8f114411746c8019ae2d591233b4fff95d61b9fb70ba4c81fb4c9be52b855d7f1828b
SSDEEP

24576:+k1Op2gF+QQdkl3NUzlRaw70jFtAGpSu4Tkmhexgr:d1K4I3NyyvdST1hex6

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

regsvr32.exesihost.exetaskhostw.exe

pid process

2664 regsvr32.exe
2664 regsvr32.exe
2868 sihost.exe
2868 sihost.exe
3008 taskhostw.exe
3008 taskhostw.exe

pid	process
2664	regsvr32.exe
2664	regsvr32.exe
2868	sihost.exe
2868	sihost.exe
3008	taskhostw.exe
3008	taskhostw.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

regsvr32.exesihost.exetaskhostw.exe

description	pid	process
Token: SeDebugPrivilege	2664	regsvr32.exe
Token: SeDebugPrivilege	2664	regsvr32.exe
Token: SeDebugPrivilege	2664	regsvr32.exe
Token: SeDebugPrivilege	2868	sihost.exe
Token: SeDebugPrivilege	3008	taskhostw.exe
Token: SeDebugPrivilege	3008	taskhostw.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

regsvr32.exesihost.exetaskhostw.exe

description	pid	process	target process
PID 2664 wrote to memory of 2868	2664	regsvr32.exe	sihost.exe
PID 2664 wrote to memory of 2868	2664	regsvr32.exe	sihost.exe
PID 2664 wrote to memory of 2868	2664	regsvr32.exe	sihost.exe
PID 2664 wrote to memory of 3008	2664	regsvr32.exe	taskhostw.exe
PID 2664 wrote to memory of 3008	2664	regsvr32.exe	taskhostw.exe
PID 2664 wrote to memory of 3008	2664	regsvr32.exe	taskhostw.exe
PID 2664 wrote to memory of 3764	2664	regsvr32.exe	DllHost.exe
PID 2664 wrote to memory of 3764	2664	regsvr32.exe	DllHost.exe
PID 2664 wrote to memory of 3764	2664	regsvr32.exe	DllHost.exe
PID 2868 wrote to memory of 5892	2868	sihost.exe	DllHost.exe
PID 2868 wrote to memory of 5892	2868	sihost.exe	DllHost.exe
PID 2868 wrote to memory of 5892	2868	sihost.exe	DllHost.exe
PID 3008 wrote to memory of 728	3008	taskhostw.exe	DllHost.exe
PID 3008 wrote to memory of 728	3008	taskhostw.exe	DllHost.exe
PID 3008 wrote to memory of 728	3008	taskhostw.exe	DllHost.exe
PID 3008 wrote to memory of 5372	3008	taskhostw.exe	DllHost.exe
PID 3008 wrote to memory of 5372	3008	taskhostw.exe	DllHost.exe
PID 3008 wrote to memory of 5372	3008	taskhostw.exe	DllHost.exe

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2868

C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3008

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:3764

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1a80279b1f972aedb2b1010991f9c5ab7e7526deb2be69e70b88e820fb657e8b.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2664

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:5892

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:5372

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\UPPS\icsvcext.dll

Filesize
805KB

MD5
1523cced3da59ed95d05818b8adcd35c

SHA1
fc2848dad5cd8ec583afa94d678c8bbd487c1a97

SHA256
df830de7c066d91db42826527e96cf2634d794e02660a96f390265cb44e7823c

SHA512
47c88920ed09fdf9377e39c84e3e3e5fc37d47eaa08daff4633156db55e0b7ae95cd6a1ff0ea23891cd62a21f7e13713844c71afab114159e5340c248ed8130d

Download Submit
memory/2868-0-0x000001E029540000-0x000001E0296D3000-memory.dmp

Filesize
1.6MB

Download
memory/2868-60-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-51-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-48-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-46-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-43-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-41-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-39-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-31-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-23-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-14-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-12-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-63-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-62-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-61-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-59-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-58-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-57-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-56-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-55-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-54-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-53-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-52-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-50-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-49-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-47-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-45-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-44-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-42-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-40-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-38-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-37-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-36-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-35-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-34-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-33-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-32-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-30-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-29-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-28-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-27-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-26-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-25-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-24-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-22-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-21-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-20-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-19-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-18-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-17-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-16-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-15-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-13-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-11-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-10-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-9-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-8-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-7-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-6-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-5-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-4-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/2868-3-0x000001E0296E0000-0x000001E0297BB000-memory.dmp

Filesize
876KB

Download
memory/3008-1-0x000001A0C2A30000-0x000001A0C2BC3000-memory.dmp

Filesize
1.6MB

Download
memory/3764-2-0x0000025513E50000-0x0000025513FE3000-memory.dmp

Filesize
1.6MB

Download