2816357a1a457ccf5621616605c68ece5f10ce5906027d3daa8a015fd72aaeac

Analysis

max time kernel
92s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 06:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cmiv2.dll
Size

2.8MB
MD5

9879c981e6dd2229b915eda2aaed228c
SHA1

cf2347ca30cc99f6ea8b692ed1a355c9a679edd2
SHA256

2816357a1a457ccf5621616605c68ece5f10ce5906027d3daa8a015fd72aaeac
SHA512

b268146a0afffba62b279d70f6b0dc54539332dfea426a7c16c9d0a47333316537f551833d66866eaeb3ca4fa1d1a99331fab2dec2f62d9588059265b4244a1a
SSDEEP

49152:Ktb8/FR3CBBg4ugA4mvlypiI3U0O5+wMpT7UTgAje9L6v+OTL3qatgDJ:w1pPUuk+OTnw

Score

1^/10

Malware Config

Signatures

Modifies registry class 42 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}\ = "IPostGather"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}\ = "IPostGather"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}\TypeLib\ = "{F31091E5-B0A8-11D6-B6FC-005056C00008}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}\ = "IPreGather"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}\TypeLib\ = "{F31091E5-B0A8-11D6-B6FC-005056C00008}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}\TypeLib\ = "{F31091E5-B0A8-11D6-B6FC-005056C00008}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}\TypeLib\ = "{F31091E5-B0A8-11D6-B6FC-005056C00008}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}\ = "IMigPluginSurrogate"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}\TypeLib\ = "{F31091E5-B0A8-11D6-B6FC-005056C00008}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}\ = "IPreGather"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A1822F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CCEC0752-DC07-4C83-A9F1-3CC9D1A18230}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}\TypeLib\ = "{F31091E5-B0A8-11D6-B6FC-005056C00008}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}\ = "IMigPluginSurrogate"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91A07F7F-2A6D-44BE-AC42-FA6B5D182811}\TypeLib	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cmiv2.dll
1⤵
- Modifies registry class
PID:3724

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads