615b526930cce5fc0c5cb9c682fbf29d7873e988b16be429ccf09f9ad41ce2ca

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iscsiwmi.dll
Size

75KB
MD5

32854b27f4ff46ca2ecc34a7afa8c47b
SHA1

6b7efe72fa247af3daf987b345c7d1a1250337a8
SHA256

615b526930cce5fc0c5cb9c682fbf29d7873e988b16be429ccf09f9ad41ce2ca
SHA512

c122002ede25c503c3d275fe571884112e0cd451f5c734a004abcfbcc0ec5b7c812afe61f2e480339035a3200f6ecf0bf547b61ec64b652804241ca399ff8329
SSDEEP

1536:BpfwWvHi+jtvwQP1tT4BhdErVcGWOWwoTe:B+kiVQ6dwcGWOWwo6

Score

7^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D0520B5D-1B5F-4ECF-A940-6E57476AE4B0}\InprocServer32	regsvr32.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{D0520B5D-1B5F-4ECF-A940-6E57476AE4B0}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D0520B5D-1B5F-4ECF-A940-6E57476AE4B0}\InprocServer32	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\iscsiwmi.dll
1⤵
- Registers COM server for autorun
- Modifies registry class
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads