Overview
overview
7Static
static
3v6.15.8_in...4_.zip
windows7-x64
1v6.15.8_in...4_.zip
windows10-2004-x64
1Repository...im.dll
windows10-2004-x64
1Repository...er.dll
windows10-2004-x64
1Repository/dsprov.dll
windows10-2004-x64
7SR/spsrx.dll
windows10-2004-x64
1SR/srloc.dll
windows10-2004-x64
1SpeechUX/S...PS.dll
windows10-2004-x64
7SpeechUX/sapi.dll
windows10-2004-x64
1SpeechUX/s...pl.dll
windows10-2004-x64
7TTS/MSTTSLoc.dll
windows10-2004-x64
1UMDF/EhStorPwdDrv.dll
windows10-2004-x64
1UMDF/HidTelephony.dll
windows10-2004-x64
1UMDF/IddCx.dll
windows10-2004-x64
1UMDF/Micro...tt.dll
windows10-2004-x64
1UMDF/NfcCx.dll
windows10-2004-x64
1app__v6.15.8_t.msi
windows7-x64
6app__v6.15.8_t.msi
windows10-2004-x64
6Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
07/09/2024, 15:26
Static task
static1
Behavioral task
behavioral1
Sample
v6.15.8_installer_x64_.zip
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
v6.15.8_installer_x64_.zip
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Repository/dnsclientcim.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
Repository/dnsclientpsprovider.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Repository/dsprov.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
SR/spsrx.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
SR/srloc.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
SpeechUX/SpeechUXPS.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
SpeechUX/sapi.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
SpeechUX/speechuxcpl.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
TTS/MSTTSLoc.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
UMDF/EhStorPwdDrv.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
UMDF/HidTelephony.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
UMDF/IddCx.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
UMDF/NfcCx.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
app__v6.15.8_t.msi
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
app__v6.15.8_t.msi
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
SpeechUX/SpeechUXPS.dll
-
Size
35KB
-
MD5
dfec0317a1ea262d948a18424b86c2ba
-
SHA1
25bc5196e6b47aa72b4f09752382ff2c860ff19b
-
SHA256
9c58c0059f53cd8b796a56a8d3f585a001fd29a3037fe8393292f52dc6ac1944
-
SHA512
522e0fd4788cf0ae5efe2312c7599d77474e4f54fdb5ac34757091a7abe13564ee7560e6e83cc6e6417e31bbdf05cfc9a57c0bffe2b21523f3062a43e9cf957f
-
SSDEEP
384:TzcEP6TRUpPzapbW8ufOOqvWiMq4GDDKkVuOUSo3OWczkjUJl0azvOpI80Ygkuuc:7pEahYABZI0
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies registry class 43 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A55DC428-CB05-4E31-BBE1-4AC9257101FC} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FDE2DC4F-2D9E-4632-A989-68712CDB4B45} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CF864B68-9E8A-46A5-BFD7-9CB50F993311}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4BD5C26A-B267-4C76-9800-B5D31AC24D80} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B346BA0-2265-4846-AD95-BC77586A5E82}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{d3339fcf-96b5-45fc-b257-97618f632f00} regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6F20051B-D93F-4EC5-A13E-A037C763D576}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20ABAFEE-2077-4BEF-AB6F-52593B8E6CA3}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CF864B68-9E8A-46A5-BFD7-9CB50F993311}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{22FE8E9E-1B49-45E4-AC1C-5D7EE2ADA429}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4bd5c26a-b267-4c76-9800-b5d31ac24d80} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{d3339fcf-96b5-45fc-b257-97618f632f00}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A55DC428-CB05-4E31-BBE1-4AC9257101FC}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CF864B68-9E8A-46A5-BFD7-9CB50F993311} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6F20051B-D93F-4EC5-A13E-A037C763D576}\NumMethods\ = "6" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{22FE8E9E-1B49-45E4-AC1C-5D7EE2ADA429}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EDF6970E-4557-4BC5-86C2-C7E52A06B27F} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4bd5c26a-b267-4c76-9800-b5d31ac24d80}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4bd5c26a-b267-4c76-9800-b5d31ac24d80}\SynchronousInterface regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EDF6970E-4557-4BC5-86C2-C7E52A06B27F}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{22FE8E9E-1B49-45E4-AC1C-5D7EE2ADA429} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6F20051B-D93F-4EC5-A13E-A037C763D576}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B346BA0-2265-4846-AD95-BC77586A5E82} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B346BA0-2265-4846-AD95-BC77586A5E82}\AsynchronousInterface regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D3339FCF-96B5-45FC-B257-97618F632F00} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{d3339fcf-96b5-45fc-b257-97618f632f00}\SynchronousInterface regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20ABAFEE-2077-4BEF-AB6F-52593B8E6CA3}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EDF6970E-4557-4BC5-86C2-C7E52A06B27F} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6F20051B-D93F-4EC5-A13E-A037C763D576} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{22FE8E9E-1B49-45E4-AC1C-5D7EE2ADA429}\AsynchronousInterface regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6F20051B-D93F-4EC5-A13E-A037C763D576}\ = "IGetServer" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A55DC428-CB05-4E31-BBE1-4AC9257101FC}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EDF6970E-4557-4BC5-86C2-C7E52A06B27F}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FDE2DC4F-2D9E-4632-A989-68712CDB4B45}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20ABAFEE-2077-4BEF-AB6F-52593B8E6CA3} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EDF6970E-4557-4BC5-86C2-C7E52A06B27F}\InProcServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FDE2DC4F-2D9E-4632-A989-68712CDB4B45}\NumMethods regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B346BA0-2265-4846-AD95-BC77586A5E82}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6F20051B-D93F-4EC5-A13E-A037C763D576}\ProxyStubClsid32\ = "{EDF6970E-4557-4BC5-86C2-C7E52A06B27F}" regsvr32.exe