Overview
Analysis

max time kernel: 121s
max time network: 126s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 14/07/2024, 14:36
Tasks

Static task static1

Behavioral task behavioral1
Sample: V17 Sorunsuz Çalışan/COMRDR2/data/ui/rdr2tr.dll
Resource: win7-20240704-en

Behavioral task behavioral2
Sample: V17 Sorunsuz Çalışan/COMRDR2/data/ui/rdr2tr.dll
Resource: win10v2004-20240709-en

Behavioral task behavioral3
Sample: V17 Sorunsuz Çalışan/ScriptHookRDR2.dll
Resource: win7-20240704-en

Behavioral task behavioral4
Sample: V17 Sorunsuz Çalışan/ScriptHookRDR2.dll
Resource: win10v2004-20240709-en

Behavioral task behavioral5
Sample: V17 Sorunsuz Çalışan/dinput8.dll
Resource: win7-20240708-en

Behavioral task behavioral6
Sample: V17 Sorunsuz Çalışan/dinput8.dll
Resource: win10v2004-20240709-en

Behavioral task behavioral7
Sample: V17 Sorunsuz Çalışan/fontfix.dll
Resource: win7-20240704-en

Behavioral task behavioral8
Sample: V17 Sorunsuz Çalışan/fontfix.dll
Resource: win10v2004-20240709-en

Behavioral task behavioral9
Sample: V17 Sorunsuz Çalışan/rdr2-translator.dll
Resource: win7-20240705-en

Behavioral task behavioral10
Sample: V17 Sorunsuz Çalışan/rdr2-translator.dll
Resource: win10v2004-20240709-en
General

Target: V17 Sorunsuz Çalışan/dinput8.dll
Size: 128KB
MD5: f66b293ad5afa49c2bd8b58bdc18d453
SHA1: a64ba484761f06adc1494863949589a6e552fe4b
SHA256: 956fb3765572d00f6c08bcae11e9856a00a68107464a87b6ccc6c1ffed46b88a
SHA512: 09874fbdc37a34ce5cbcead9f89ff7273b671ad042ba15cdf120e5fdee9d597fe8908ca4f6670f487be223786698a2fd8513dbacdce00fcbbb8c4d4729e13105
SSDEEP: 3072:uHcpVMabeR0iujTE/yhSWbAJgUSJYt9c+eJ+VPa2s:WcpVM7lQTE/ygWUmXysDJ+a2
Malware Config
Signatures

Event Triggered Execution: Component Object Model Hijacking (1 TTP)
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Modifies registry class (5 IoCs)
Description / IoC / Process:
Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25E609E4-B259-11CF-BFC7-444553540000} (regsvr32.exe)
Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID (regsvr32.exe)
Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25E609E4-B259-11CF-BFC7-444553540000}\InProcServer32 (regsvr32.exe)
Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25E609E5-B259-11CF-BFC7-444553540000} (regsvr32.exe)
Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25E609E5-B259-11CF-BFC7-444553540000}\InProcServer32 (regsvr32.exe)

Suspicious use of SetWindowsHookEx (1 IoC)
PID / Process:
2220 regsvr32.exe