7b0d248403c3cd78aad6acd836d77c1a8789e6f7d5fffdc6e7328c9f8e36f224 | Triage

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 02:55

Sharing

Report Analysis Logs

General

Target

6a2a1fd1a0557eaa0da701289c1afbb0N.dll
Size

1.1MB
MD5

6a2a1fd1a0557eaa0da701289c1afbb0
SHA1

4176a1297d26726d8cfcd2233759170549557df7
SHA256

7b0d248403c3cd78aad6acd836d77c1a8789e6f7d5fffdc6e7328c9f8e36f224
SHA512

1bbe637b0200d05dc43b004708dc627e3c2f3432a7d12750c091e48c92c39cb5d74a13522e0ea128f643bbf23c33bbd81c5dade0c8aff91a7a324cc402567a93
SSDEEP

24576:92LOpzLN0qbGUs44T6I9l7VhcVCXfTFDNPo5R4hMmh:kO0qD4TZLXfThGvmh

Score

1^/10

Malware Config

Signatures

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\AppID = "{716EAFD0-CAB1-4657-B249-2FFF88A6F65C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{716EAFD0-CAB1-4657-B249-2FFF88A6F65C}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{716EAFD0-CAB1-4657-B249-2FFF88A6F65C}\	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6a2a1fd1a0557eaa0da701289c1afbb0N.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{716EAFD0-CAB1-4657-B249-2FFF88A6F65C}\DllSurrogate	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30
PID 2732 wrote to memory of 2820	2732	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6a2a1fd1a0557eaa0da701289c1afbb0N.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6a2a1fd1a0557eaa0da701289c1afbb0N.dll
  2⤵
  - Modifies registry class
  PID:2820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads