3fba95ef568c3fec72705352d2077b17f66f1c92e17b67d41f61c1a92c5bf869

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

els.dll
Size

233KB
MD5

eee8989512b6bfd12eb7404ad00e74f2
SHA1

47b5e4d02e0dadaed58d2f5f626f6661473a06f6
SHA256

3fba95ef568c3fec72705352d2077b17f66f1c92e17b67d41f61c1a92c5bf869
SHA512

a28f7be7b965e332569493093fb5b29949a4e2dc69c89631f9b9fa411309553ccf2a27706f21da4f61ab83e85e83a6af1b829aa447d8380efdeb14204d686acb
SSDEEP

6144:Qv0d4piq0mbhIOoId1ay4jV5QINlqJkcK:vdK0/JEUP

Score

7^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{394C052E-B830-11D0-9A86-00C04FD8DBF7}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F778C6B4-C08B-11D2-976C-00C04F79DB19}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05238C14-A6E1-11D0-9A84-00C04FD8DBF7}\InprocServer32	regsvr32.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05238C14-A6E1-11D0-9A84-00C04FD8DBF7}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{12DD72EE-A6E5-11D0-9A84-00C04FD8DBF7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{12DD72EE-A6E5-11D0-9A84-00C04FD8DBF7}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F778C6B4-C08B-11D2-976C-00C04F79DB19}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05238C14-A6E1-11D0-9A84-00C04FD8DBF7}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{394C052E-B830-11D0-9A86-00C04FD8DBF7}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F778C6B4-C08B-11D2-976C-00C04F79DB19}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05238C14-A6E1-11D0-9A84-00C04FD8DBF7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{12DD72EE-A6E5-11D0-9A84-00C04FD8DBF7}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{394C052E-B830-11D0-9A86-00C04FD8DBF7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05238C14-A6E1-11D0-9A84-00C04FD8DBF7}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05238C14-A6E1-11D0-9A84-00C04FD8DBF7}	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\els.dll
1⤵
- Registers COM server for autorun
- Modifies registry class
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads