Overview
overview
7Static
static
3CrashRepor...pt.dll
windows7-x64
1CrashRepor...pt.dll
windows10-2004-x64
1CrashRepor...lp.dll
windows7-x64
1CrashRepor...lp.dll
windows10-2004-x64
1CrashRepor...pt.exe
windows7-x64
1CrashRepor...pt.exe
windows10-2004-x64
1D3DCompiler_47.dll
windows7-x64
1D3DCompiler_47.dll
windows10-2004-x64
1D3DX9_43.dll
windows7-x64
1D3DX9_43.dll
windows10-2004-x64
1LAVFilters...er.dll
windows7-x64
1LAVFilters...er.dll
windows10-2004-x64
1LAVFilters...io.dll
windows7-x64
7LAVFilters...io.dll
windows10-2004-x64
7LAVFilters...er.dll
windows7-x64
7LAVFilters...er.dll
windows10-2004-x64
7LAVFilters...eo.dll
windows7-x64
7LAVFilters...eo.dll
windows10-2004-x64
7LAVFilters...61.dll
windows7-x64
1LAVFilters...61.dll
windows10-2004-x64
1LAVFilters...10.dll
windows7-x64
1LAVFilters...10.dll
windows10-2004-x64
1LAVFilters...61.dll
windows7-x64
1LAVFilters...61.dll
windows10-2004-x64
1LAVFilters...59.dll
windows7-x64
1LAVFilters...59.dll
windows10-2004-x64
1LAVFilters...ay.dll
windows7-x64
1LAVFilters...ay.dll
windows10-2004-x64
1LAVFilters...-5.dll
windows7-x64
1LAVFilters...-5.dll
windows10-2004-x64
1LAVFilters...-8.dll
windows7-x64
1LAVFilters...-8.dll
windows10-2004-x64
1Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
02/09/2024, 05:59
Static task
static1
Behavioral task
behavioral1
Sample
CrashReporter/crashrpt.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
CrashReporter/crashrpt.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
CrashReporter/dbghelp.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral4
Sample
CrashReporter/dbghelp.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
CrashReporter/sendrpt.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral6
Sample
CrashReporter/sendrpt.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
D3DCompiler_47.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
D3DCompiler_47.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
D3DX9_43.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral10
Sample
D3DX9_43.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
LAVFilters64/IntelQuickSyncDecoder.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
LAVFilters64/IntelQuickSyncDecoder.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
LAVFilters64/LAVAudio.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
LAVFilters64/LAVAudio.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
LAVFilters64/LAVSplitter.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
LAVFilters64/LAVSplitter.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
LAVFilters64/LAVVideo.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral18
Sample
LAVFilters64/LAVVideo.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
LAVFilters64/avcodec-lav-61.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral20
Sample
LAVFilters64/avcodec-lav-61.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
LAVFilters64/avfilter-lav-10.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral22
Sample
LAVFilters64/avfilter-lav-10.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
LAVFilters64/avformat-lav-61.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral24
Sample
LAVFilters64/avformat-lav-61.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
LAVFilters64/avutil-lav-59.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral26
Sample
LAVFilters64/avutil-lav-59.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
LAVFilters64/libbluray.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral28
Sample
LAVFilters64/libbluray.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
LAVFilters64/swresample-lav-5.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral30
Sample
LAVFilters64/swresample-lav-5.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
LAVFilters64/swscale-lav-8.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral32
Sample
LAVFilters64/swscale-lav-8.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
LAVFilters64/LAVAudio.dll
-
Size
298KB
-
MD5
48ff4453f194c324807edb5d72baed84
-
SHA1
9be09dd1bda71e888a7358726a4d4fb5e2cb8e36
-
SHA256
6da547e97feb50061d8a6810148f659ac2585b846c642534e4675369b8201e75
-
SHA512
fcda4ddac88c15623451fa28e603b30f30118cf7ba933c5b73082d9e2a8f15dfe1c8646a41ae78000df69398c6a01a0e9d96e009b31c04f7db23a0eef8412559
-
SSDEEP
6144:NbbABuFv4u8x1Vcj0kkqx7p04LmOc/Vxno:VABu98NchX44Ito
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies registry class 29 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C89FC33C-E60A-4C97-BEF4-ACC5762B6404}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LAVFilters64\\LAVAudio.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\FriendlyName = "LAV Audio Decoder" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C89FC33C-E60A-4C97-BEF4-ACC5762B6404}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20ED4A03-6AFD-4FD9-980B-2F6143AA0892} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20ED4A03-6AFD-4FD9-980B-2F6143AA0892}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20ED4A03-6AFD-4FD9-980B-2F6143AA0892}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LAVFilters64\\LAVAudio.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LAVFilters64\\LAVAudio.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}\ = "LAV Audio Properties" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C89FC33C-E60A-4C97-BEF4-ACC5762B6404}\ = "LAV Audio Mixer" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C89FC33C-E60A-4C97-BEF4-ACC5762B6404}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B}\ = "LAV Audio Format Settings" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\ = "LAV Audio Decoder" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20ED4A03-6AFD-4FD9-980B-2F6143AA0892}\ = "LAV Audio Status" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LAVFilters64\\LAVAudio.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20ED4A03-6AFD-4FD9-980B-2F6143AA0892}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LAVFilters64\\LAVAudio.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C89FC33C-E60A-4C97-BEF4-ACC5762B6404} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\CLSID = "{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}" regsvr32.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\FilterData = 020000000300800002000000000000003070693300000000000000005d0000000000000000000000307479330000000030060000400600003174793300000000500600004006000032747933000000006006000040060000337479330000000030060000700600003474793300000000500600007006000035747933000000006006000070060000367479330000000030060000800600003774793300000000500600008006000038747933000000006006000080060000397479330000000030060000900600003a7479330000000050060000900600003b7479330000000060060000900600003c74793300000000a0060000b00600003d74793300000000a0060000c00600003e74793300000000a0060000d00600003f74793300000000a0060000e00600004074793300000000a0060000f00600004174793300000000a0060000000700004274793300000000a0060000100700004374793300000000a0060000200700004474793300000000a0060000300700004574793300000000a0060000400700004674793300000000a0060000700600004774793300000000a0060000500700004874793300000000a0060000600700004974793300000000a0060000700700004a74793300000000a0060000800700004b74793300000000a0060000800600004c74793300000000a0060000900700004d74793300000000a0060000a00700004e74793300000000a0060000b00700004f74793300000000a0060000c00700005074793300000000a0060000d00700005174793300000000a0060000400600005274793300000000a0060000e00700005374793300000000a0060000f00700005474793300000000a0060000000800005574793300000000a0060000100800005674793300000000a0060000200800005774793300000000a0060000300800005874793300000000a0060000400800005974793300000000a0060000500800005a74793300000000a0060000600800005b74793300000000a0060000700800005c74793300000000a0060000900600005d74793300000000a0060000800800005e74793300000000a0060000900800005f74793300000000a0060000a00800006074793300000000a0060000b00800006174793300000000a0060000c00800006274793300000000a0060000d00800006374793300000000a0060000e00800006474793300000000a0060000f00800006574793300000000a0060000000900006674793300000000a0060000100900006774793300000000a0060000200900006874793300000000a0060000300900006974793300000000a0060000400900006a74793300000000a0060000500900006b74793300000000a0060000600900006c74793300000000a0060000700900006d74793300000000a0060000800900006e74793300000000a0060000900900006f74793300000000a0060000a00900007074793300000000a0060000b00900007174793300000000a0060000c00900007274793300000000a0060000d00900007374793300000000a0060000e00900007474793300000000a0060000f00900007574793300000000a0060000000a00007674793300000000a0060000100a00007774793300000000a0060000200a00007874793300000000a0060000300a00007974793300000000a0060000400a00007a74793300000000a0060000500a00007b74793300000000a0060000600a00007c74793300000000a0060000700a00007d74793300000000a0060000800a00007e74793300000000a0060000900a00007f74793300000000a0060000a00a00008074793300000000a0060000b00a00008174793300000000a0060000c00a00008274793300000000a0060000d00a00008374793300000000a0060000e00a00008474793300000000a0060000f00a00008574793300000000a0060000000b00008674793300000000a0060000100b00008774793300000000a0060000200b00008874793300000000a0060000300b00008974793300000000a0060000400b00008a74793300000000a0060000500b00008b74793300000000a0060000600b00008c74793300000000a0060000700b00003170693308000000000000000200000000000000000000003074793300000000a0060000800b00003174793300000000a0060000900b00006a910bed4d04d111aa7800c04fc31d602b806de046dbcf11b4d100805f6cbbea133b5236e58ed1118ca30060b057664a20806de046dbcf11b4d100805f6cbbea2c806de046dbcf11b4d100805f6cbbea33806de046dbcf11b4d100805f6cbbea32806de046dbcf11b4d100805f6cbbea6175647300001000800000aa00389b71ff00000000001000800000aa00389b71ff01000000001000800000aa00389b710216000000001000800000aa00389b714d50344100001000800000aa00389b716d70346100001000800000aa00389b714144545300001000800000aa00389b710016000000001000800000aa00389b710116000000001000800000aa00389b711016000000001000800000aa00389b71414c532000001000800000aa00389b71af87fba7022dfb42a4d405cd93843bdd27a7cf71e4374a40aec034842532eff7c4ce27eb3e16a34c8b748e25f91b517e0020000000001000800000aa00389b710120000000001000800000aa00389b71b78ee5a2a90fbb48a40cfa0e156d064580eb36e44f52ce119f530020af0ba77081eb36e44f52ce119f530020af0ba7705000000000001000800000aa00389b715500000000001000800000aa00389b71acf1000000001000800000aa00389b71c0c54115dfcd7d47bc0a86f8ae7f83540bd12f8d41586b4a8905588fec1aded9a177000000001000800000aa00389b715657000000001000800000aa00389b714d4c502000001000800000aa00389b71616c616300001000800000aa00389b71e99621b83f1b9647a63646239087b38e4145533300001000800000aa00389b71fcb73ea20b516f469fbf5f878f69347cfd979f94f6562745b4aeddeb375ab80f4e4f4e4500001000800000aa00389b717261772000001000800000aa00389b7174776f7300001000800000aa00389b71736f777400001000800000aa00389b71696e323400001000800000aa00389b71696e333200001000800000aa00389b71666c333200001000800000aa00389b71666c363400001000800000aa00389b7134326e6900001000800000aa00389b7132336e6900001000800000aa00389b7132336c6600001000800000aa00389b7134366c6600001000800000aa00389b716001000000001000800000aa00389b716101000000001000800000aa00389b716201000000001000800000aa00389b716301000000001000800000aa00389b71434f4f4b00001000800000aa00389b715241414300001000800000aa00389b715241435000001000800000aa00389b715349505200001000800000aa00389b713001000000001000800000aa00389b71444e455400001000800000aa00389b7132385f3800001000800000aa00389b7131345f3400001000800000aa00389b7152414c4600001000800000aa00389b7109a1000000001000800000aa00389b714f70000000001000800000aa00389b714f50555300001000800000aa00389b7173616d7200001000800000aa00389b714e454c4c00001000800000aa00389b710600000000001000800000aa00389b710700000000001000800000aa00389b713100000000001000800000aa00389b710200000000001000800000aa00389b712200000000001000800000aa00389b7151444d3200001000800000aa00389b717500000000001000800000aa00389b717002000000001000800000aa00389b714154524300001000800000aa00389b71bfaa23e958cb7144a119fffa01e4ce621100000000001000800000aa00389b716737323600001000800000aa00389b719a72000000001000800000aa00389b713301000000001000800000aa00389b710104000000001000800000aa00389b714323bcafcb3d47409655e1e62a61b1c50100000000001000800000aa00389b710300000000001000800000aa00389b71 regsvr32.exe