1bbae7fd65ce859fdebbef69b00e51de4940b85cbf3171f0199f444677b42ae5

Analysis

max time kernel
93s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpeechUX/speechuxcpl.dll
Size

446KB
MD5

d50c755812b615d82b9b5c2cb755edee
SHA1

236e108e4ab23e9ba6c08f1ba102c75edfe20f4c
SHA256

4b831e48b62d37f15f5bb465761d5341b6623db489453e932856f51d054bfa18
SHA512

f9c36417575c5862ce21164c71926923d173f669b600429adb7d19b9d5b85de42e06774afee5b542194f0a0a84a3de3b4ee65b9e93963a4fbd3cf16647be917d
SSDEEP

6144:L0TOSAgJrtnxbwz/k4KqugbPXU4AgV8CCQ4Vb4XURS9Z8DdkTniNnB0OF5O:L0TOSAubwLkRLgLBAgV7QSjkF5O

Score

7^/10

persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{58E3C745-D971-4081-9034-86E34B30836A}\DefaultIcon	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{58E3C745-D971-4081-9034-86E34B30836A}\Instance\InitPropertyBag	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{139D8403-E74F-41d2-B103-8790C5C7A517}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{58E3C745-D971-4081-9034-86E34B30836A}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{58E3C745-D971-4081-9034-86E34B30836A}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{58E3C745-D971-4081-9034-86E34B30836A}\ShellFolder	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{58E3C745-D971-4081-9034-86E34B30836A}\Instance	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{139D8403-E74F-41d2-B103-8790C5C7A517}\InProcServer32	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\SpeechUX\speechuxcpl.dll
1⤵
- Modifies registry class
PID:3704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads