Overview
overview
7Static
static
3XP-Voices-x64.bat
windows7-x64
1XP-Voices-x64.bat
windows10-2004-x64
1XP-Voices-x86.bat
windows7-x64
1XP-Voices-x86.bat
windows10-2004-x64
1x64/Common...ng.dll
windows7-x64
7x64/Common...ng.dll
windows10-2004-x64
7x64/Common...on.dll
windows7-x64
7x64/Common...on.dll
windows10-2004-x64
7x86/Common...ng.dll
windows7-x64
3x86/Common...ng.dll
windows10-2004-x64
3x86/Common...on.dll
windows7-x64
3x86/Common...on.dll
windows10-2004-x64
x86/Common...rp.dll
windows7-x64
3x86/Common...rp.dll
windows10-2004-x64
3x86/Common...ne.dll
windows7-x64
3x86/Common...ne.dll
windows10-2004-x64
3x86/Common...oc.dll
windows7-x64
3x86/Common...oc.dll
windows10-2004-x64
3x86/Common...NU.dll
windows7-x64
3x86/Common...NU.dll
windows10-2004-x64
3x86/Common...oc.dll
windows7-x64
1x86/Common...oc.dll
windows10-2004-x64
1x86/Common...on.dll
windows7-x64
3x86/Common...on.dll
windows10-2004-x64
3Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
05/08/2024, 09:04
Static task
static1
Behavioral task
behavioral1
Sample
XP-Voices-x64.bat
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral2
Sample
XP-Voices-x64.bat
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
XP-Voices-x86.bat
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
XP-Voices-x86.bat
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
x64/CommonProgramFiles/SpeechEngines/Microsoft/TTS/1033/spttseng.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral6
Sample
x64/CommonProgramFiles/SpeechEngines/Microsoft/TTS/1033/spttseng.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
x64/CommonProgramFiles/SpeechEngines/Microsoft/spcommon.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
x64/CommonProgramFiles/SpeechEngines/Microsoft/spcommon.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS/1033/spttseng.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS/1033/spttseng.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/MSTTSCommon.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/MSTTSCommon.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/MSTTSDecWrp.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/MSTTSDecWrp.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/MSTTSEngine.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral16
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/MSTTSEngine.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/MSTTSLoc.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/MSTTSLoc.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/en-US/MSTTSFrontendENU.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral20
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/en-US/MSTTSFrontendENU.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/en-US/MSTTSLoc.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral22
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/en-US/MSTTSLoc.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/spcommon.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
x86/CommonProgramFiles/SpeechEngines/Microsoft/spcommon.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
x64/CommonProgramFiles/SpeechEngines/Microsoft/spcommon.dll
-
Size
106KB
-
MD5
d5965cd690d4f5b7a79be35d5507f585
-
SHA1
741aa9431c7417a90d1625b34cd0b78e4e7fa784
-
SHA256
a0475d7513cba997dcb16cf4a5730e9b5f595a5739c5dd8a7427b4c873695009
-
SHA512
22e9dd787c4006b8a32a1f1977bb28625d72d1c73592acadf34aa74c1e6f79ea7556eadbae1e073fba4122ab98d8464f51069a3946742039d353cb7f2bc69924
-
SSDEEP
1536:76QQirIRAzZ4UsgoWw6Co9MaQL4jrB7LL5uqaSS5Wm7b0:76Qr0aZtsg6TJ8jrB7LL5bgWm7
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies registry class 32 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SAPI.LTSLexicon.1 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{685879BA-3263-11D3-9C26-00C04F8EF87C}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9153CE57-F693-4A8E-8B7C-29C8486566D0} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SAPI.LTSLexicon.1\ = "LTS Lexicon Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SAPI.LTSLexicon regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SAPI.LTSLexicon\CurVer regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{685879BA-3263-11D3-9C26-00C04F8EF87C}\VersionIndependentProgID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SAPI.LTSLexicon.1\CLSID\ = "{685879BA-3263-11D3-9C26-00C04F8EF87C}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{685879BA-3263-11D3-9C26-00C04F8EF87C}\Programmable regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{685879BA-3263-11D3-9C26-00C04F8EF87C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\x64\\CommonProgramFiles\\SpeechEngines\\Microsoft\\spcommon.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{685879BA-3263-11D3-9C26-00C04F8EF87C}\TypeLib\ = "{410B4FEB-339A-11D2-9602-00C04F8EE628}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9153CE57-F693-4A8E-8B7C-29C8486566D0}\1.0\ = "Microsoft LTScommon Object Library" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{685879BA-3263-11D3-9C26-00C04F8EF87C}\VersionIndependentProgID\ = "SAPI.LTSLexicon" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{685879BA-3263-11D3-9C26-00C04F8EF87C}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{685879BA-3263-11D3-9C26-00C04F8EF87C}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9153CE57-F693-4A8E-8B7C-29C8486566D0}\1.0\FLAGS\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SAPI.LTSLexicon.1\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SAPI.LTSLexicon\ = "LTS Lexicon Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{685879BA-3263-11D3-9C26-00C04F8EF87C}\ProgID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9153CE57-F693-4A8E-8B7C-29C8486566D0}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\x64\\CommonProgramFiles\\SpeechEngines\\Microsoft\\spcommon.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9153CE57-F693-4A8E-8B7C-29C8486566D0}\1.0\HELPDIR regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SAPI.LTSLexicon\CLSID\ = "{685879BA-3263-11D3-9C26-00C04F8EF87C}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SAPI.LTSLexicon\CurVer\ = "SAPI.LTSLexicon.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{685879BA-3263-11D3-9C26-00C04F8EF87C}\ProgID\ = "SAPI.LTSLexicon.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9153CE57-F693-4A8E-8B7C-29C8486566D0}\1.0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9153CE57-F693-4A8E-8B7C-29C8486566D0}\1.0\0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9153CE57-F693-4A8E-8B7C-29C8486566D0}\1.0\0\win64 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9153CE57-F693-4A8E-8B7C-29C8486566D0}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\x64\\CommonProgramFiles\\SpeechEngines\\Microsoft\\" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SAPI.LTSLexicon\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{685879BA-3263-11D3-9C26-00C04F8EF87C} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{685879BA-3263-11D3-9C26-00C04F8EF87C}\ = "LTS Lexicon Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9153CE57-F693-4A8E-8B7C-29C8486566D0}\1.0\FLAGS regsvr32.exe