cca18ab4e917eb08e2f7b71bca0c0654e69b6a0bb2a04b45bbe39d223438ff51

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cca18ab4e917eb08e2f7b71bca0c0654e69b6a0bb2a04b45bbe39d223438ff51.dll
Size

968KB
MD5

5c118ff6363287dc60e9f8aeb1da5bd9
SHA1

6174b80c03c4b7e06074ff49b59dfadcb392b872
SHA256

cca18ab4e917eb08e2f7b71bca0c0654e69b6a0bb2a04b45bbe39d223438ff51
SHA512

27d07cff3bd3b0544899707879c7eeda0f6fc13e016c13ce363dd28836d50b52265e5fc0ba17be96bc2dd39baedce84955480a048ffb9387afcdd947b4f0647f
SSDEEP

12288:k6Ow9oMj3omnDchj0tpTBfHnigkFAY7vOhrCKyB+:niMj3omDc5qpTBfHnqAMGTE

Score

1^/10

Malware Config

Signatures

Modifies registry class 50 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0000002E-0000-0000-C000-000000000046}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0000002E-0000-0000-C000-000000000046}\NumMethods\ = "4"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0000002E-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{B196B286-BAB4-101A-B69C-00AA00341D07}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DF0B3D60-548F-101B-8E65-08002B2BD119}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B28B-BAB4-101A-B69C-00AA00341D07}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B289-BAB4-101A-B69C-00AA00341D07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B283-BAB4-101A-B69C-00AA00341D07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B287-BAB4-101A-B69C-00AA00341D07}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0000002E-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B285-BAB4-101A-B69C-00AA00341D07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B28D-BAB4-101A-B69C-00AA00341D07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B28F-BAB4-101A-B69C-00AA00341D07}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B28B-BAB4-101A-B69C-00AA00341D07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1CF2B120-547D-101B-8E65-08002B2BD119}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B288-BAB4-101A-B69C-00AA00341D07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B28F-BAB4-101A-B69C-00AA00341D07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B28C-BAB4-101A-B69C-00AA00341D07}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DF0B3D60-548F-101B-8E65-08002B2BD119}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1CF2B120-547D-101B-8E65-08002B2BD119}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B289-BAB4-101A-B69C-00AA00341D07}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B28C-BAB4-101A-B69C-00AA00341D07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DF0B3D60-548F-101B-8E65-08002B2BD119}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B285-BAB4-101A-B69C-00AA00341D07}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DF0B3D60-548F-101B-8E65-08002B2BD119}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0000002E-0000-0000-C000-000000000046}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020425-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020422-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0000002E-0000-0000-C000-000000000046}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0000002E-0000-0000-C000-000000000046}\ = "ITypeFactory"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B288-BAB4-101A-B69C-00AA00341D07}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B283-BAB4-101A-B69C-00AA00341D07}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B287-BAB4-101A-B69C-00AA00341D07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020423-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B28D-BAB4-101A-B69C-00AA00341D07}	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 2640	4060	regsvr32.exe	91
PID 4060 wrote to memory of 2640	4060	regsvr32.exe	91
PID 4060 wrote to memory of 2640	4060	regsvr32.exe	91

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cca18ab4e917eb08e2f7b71bca0c0654e69b6a0bb2a04b45bbe39d223438ff51.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cca18ab4e917eb08e2f7b71bca0c0654e69b6a0bb2a04b45bbe39d223438ff51.dll
  2⤵
  - Modifies registry class
  PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1712 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:2980

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads