35df176b29956fe454d60445415d6699e5b10e61dae674c2176aca73698df432

Analysis

max time kernel
90s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-06-2024 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35df176b29956fe454d60445415d6699e5b10e61dae674c2176aca73698df432.dll
Size

194KB
MD5

9569aa10f20b943bb7740b3bfa43c002
SHA1

0ff0d14da50d4651fd2358f607e81908fb054510
SHA256

35df176b29956fe454d60445415d6699e5b10e61dae674c2176aca73698df432
SHA512

7320cd64d86eb15d467c190262d5d24d4f3af19fe54b97b9ac6d1cbecb95302069899e50c950c88422b1f566e9929c9d90b1c50c70572756f963fe2b28c98f6b
SSDEEP

3072:qq34BLDNMdTLr/Uf962Dnp/8v/AFLuDHDz5O+l6wI5HPW9fQdk4:qq34BLDNM9LCpnRGPfE/Ifo

Score

1^/10

Malware Config

Signatures

Modifies registry class 50 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C5C549A-3EBC-488E-BA37-4542BE1D9275}\1.0\ = "CLDMRWrapper 1.0 Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLDMRWrapper.CLDMREngine.1\CLSID\ = "{718B9F3C-6092-4A5B-A169-10562B1F0A1C}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{718B9F3C-6092-4A5B-A169-10562B1F0A1C}\ = "CLDMREngine Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{718B9F3C-6092-4A5B-A169-10562B1F0A1C}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C5C549A-3EBC-488E-BA37-4542BE1D9275}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLDMRWrapper.CLDMREngine.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLDMRWrapper.CLDMREngine.1\ = "CLDMRnEgine Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{718B9F3C-6092-4A5B-A169-10562B1F0A1C}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}\TypeLib\ = "{6C5C549A-3EBC-488E-BA37-4542BE1D9275}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\CLDMRWrapper.DLL	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLDMRWrapper.CLDMREngine\CurVer\ = "CLDMRWrapper.CLDMREngine.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{718B9F3C-6092-4A5B-A169-10562B1F0A1C}\VersionIndependentProgID\ = "CLDMRWrapper.CLDMREngine"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLDMRWrapper.CLDMREngine.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLDMRWrapper.CLDMREngine\CLSID\ = "{718B9F3C-6092-4A5B-A169-10562B1F0A1C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{718B9F3C-6092-4A5B-A169-10562B1F0A1C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C5C549A-3EBC-488E-BA37-4542BE1D9275}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{718B9F3C-6092-4A5B-A169-10562B1F0A1C}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C5C549A-3EBC-488E-BA37-4542BE1D9275}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C5C549A-3EBC-488E-BA37-4542BE1D9275}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLDMRWrapper.CLDMREngine	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{718B9F3C-6092-4A5B-A169-10562B1F0A1C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\35df176b29956fe454d60445415d6699e5b10e61dae674c2176aca73698df432.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\CLDMRWrapper.DLL\AppID = "{8E0F6A8D-ABD2-49A2-8219-A511F14DD2A4}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLDMRWrapper.CLDMREngine\ = "CLDMREngine Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLDMRWrapper.CLDMREngine\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{718B9F3C-6092-4A5B-A169-10562B1F0A1C}\TypeLib\ = "{6C5C549A-3EBC-488E-BA37-4542BE1D9275}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C5C549A-3EBC-488E-BA37-4542BE1D9275}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{8E0F6A8D-ABD2-49A2-8219-A511F14DD2A4}\ = "CLDMRWrapper"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C5C549A-3EBC-488E-BA37-4542BE1D9275}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{718B9F3C-6092-4A5B-A169-10562B1F0A1C}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}\TypeLib\ = "{6C5C549A-3EBC-488E-BA37-4542BE1D9275}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{718B9F3C-6092-4A5B-A169-10562B1F0A1C}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{718B9F3C-6092-4A5B-A169-10562B1F0A1C}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C5C549A-3EBC-488E-BA37-4542BE1D9275}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\35df176b29956fe454d60445415d6699e5b10e61dae674c2176aca73698df432.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}\ = "ICLDMREngine"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{8E0F6A8D-ABD2-49A2-8219-A511F14DD2A4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLDMRWrapper.CLDMREngine\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{718B9F3C-6092-4A5B-A169-10562B1F0A1C}\ProgID\ = "CLDMRWrapper.CLDMREngine.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C5C549A-3EBC-488E-BA37-4542BE1D9275}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C5C549A-3EBC-488E-BA37-4542BE1D9275}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D70B19-A12B-4C77-A046-B03E4AF8D239}\ = "ICLDMREngine"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2292	2300	regsvr32.exe	83
PID 2300 wrote to memory of 2292	2300	regsvr32.exe	83
PID 2300 wrote to memory of 2292	2300	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\35df176b29956fe454d60445415d6699e5b10e61dae674c2176aca73698df432.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\35df176b29956fe454d60445415d6699e5b10e61dae674c2176aca73698df432.dll
  2⤵
  - Modifies registry class
  PID:2292

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads