b03dd372f5dbede4c85e2d0686e6fd793130372fed6f9d213702544e2668e7de

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

correngine.dll
Size

85KB
MD5

f29679c52956722c9a9c880fe7f6b68d
SHA1

9c292e87148255055747c018572e4085c98b2e2f
SHA256

b03dd372f5dbede4c85e2d0686e6fd793130372fed6f9d213702544e2668e7de
SHA512

0108b7b6cabb202cb6bf1e441da21c81f43e092d8120946bfa8493fd72f6655128c7f32970bd8b3dcfb148cdac13f0d40beb1766b7af46e65a6f4d9f0897ad5f
SSDEEP

1536:QuQMux0imVorwtvEnb7yY7Ln3acz1QbdGO6kzf0caW+W1poQfdz+GQJuIXkzUqh2:Qmua+rlnb7NnKxlhaWTrQYIXfDYuF

Score

1^/10

Malware Config

Signatures

Modifies registry class 19 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}\ = "ICorrelationEngine"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6CAAAA3B-6502-40FE-97FC-72A290DC63CF}\1.0\0\win64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6CAAAA3B-6502-40FE-97FC-72A290DC63CF}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6CAAAA3B-6502-40FE-97FC-72A290DC63CF}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}\ = "ICorrelationEngine"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}\TypeLib\ = "{6CAAAA3B-6502-40FE-97FC-72A290DC63CF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6CAAAA3B-6502-40FE-97FC-72A290DC63CF}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A188440E-DB11-45B8-B42C-B2149FA71453}\TypeLib\ = "{6CAAAA3B-6502-40FE-97FC-72A290DC63CF}"	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\correngine.dll
1⤵
- Modifies registry class
PID:3244

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads