Analysis

  • max time kernel
    78s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    20-06-2024 19:27

General

  • Target

    MapiProxy.dll

  • Size

    24KB

  • MD5

    109de960ac9ec36e2c14fe499b74e6d9

  • SHA1

    4f7add83946aa3d2a0f1b2b3b879a03ece4606c7

  • SHA256

    32c8b9c53c7fa6bec5ddf24ae83f4874cbbafb572b469270bfc0e9f4adeef4f8

  • SHA512

    348b682d54c5237721235de04c24cd62afb4f46412e3ff1467a5e9481435b3d562a9541e972ee805d058f1c40b5b9c9d6c84f827e5a76f321915a16bd28b1aa3

  • SSDEEP

    384:g6JE2If4VrpPBlvDG/t8E9VF0NyxAM+oJwEErbG:g6JJIf4Vn5DGyELAMxtCG

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking (1 TTP)

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Modifies registry class (13 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MapiProxy.dll
    • Modifies registry class
    PID:4908

Network

MITRE ATT&CK Enterprise v15
