Overview

overview

7

Static

static

1

Dolby_Atmo...m].rar

windows7-x64

3

Dolby_Atmo...m].rar

windows10-2004-x64

3

Dolby_Atmo...me.txt

windows7-x64

1

Dolby_Atmo...me.txt

windows10-2004-x64

1

Dolby_Atmo...e.txt~

windows7-x64

3

Dolby_Atmo...e.txt~

windows10-2004-x64

3

Dolby_Atmo...er.zip

windows7-x64

1

Dolby_Atmo...er.zip

windows10-2004-x64

1

CaptureStr...or.dll

windows7-x64

1

CaptureStr...or.dll

windows10-2004-x64

1

DAX3API.exe

windows7-x64

1

DAX3API.exe

windows10-2004-x64

1

DAX3APIDLL.dll

windows7-x64

1

DAX3APIDLL.dll

windows10-2004-x64

1

Default.xml

windows7-x64

3

Default.xml

windows10-2004-x64

1

DolbyAPOv251.dll

windows7-x64

1

DolbyAPOv251.dll

windows10-2004-x64

7

DolbyAPOvlldp.dll

windows7-x64

1

DolbyAPOvlldp.dll

windows10-2004-x64

7

DolbyAPOvlldp120.dll

windows7-x64

1

DolbyAPOvlldp120.dll

windows10-2004-x64

7

DolbyDspVlldp.dll

windows7-x64

1

DolbyDspVlldp.dll

windows10-2004-x64

7

Headphone_....2.xml

windows7-x64

3

Headphone_....2.xml

windows10-2004-x64

1

Headphone_....2.xml

windows7-x64

3

Headphone_....2.xml

windows10-2004-x64

1

Headphone_....2.xml

windows7-x64

3

Headphone_....2.xml

windows10-2004-x64

1

Headphone_....2.xml

windows7-x64

3

Headphone_....2.xml

windows10-2004-x64

1

Resubmissions

11/09/2024, 18:46 UTC

240911-xe5y3swfpp 7

Analysis

  • max time kernel
    127s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/09/2024, 18:46 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DolbyAPOvlldp120.dll

  • Size

    1.4MB

  • MD5

    065519b0353217f21554d6bff26fffbb

  • SHA1

    8ac10c163c77f8573315ee3e3bee0106aefe4662

  • SHA256

    e8e4ff12241000f7be4a1c7eb92df63006def111f627028634edaf967bab9b97

  • SHA512

    3f07cdf8fc0ef0f984fb4d2f947ffec54783be74dc20481b801f999cd3d95247660e1eaf05fb11e568965a929ffe8d66cbe7b8adf9672f9e3938b122e8502203

  • SSDEEP

    24576:XwUFGvCKC7Detp4cHxDqzU6EXOfLY6Y8A57sz7Lyj46K3NP22suMJn:Ytp7xD4U6E+fLA8A57snLyj4NPnY

Score
7/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Modifies registry class 33 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\DolbyAPOvlldp120.dll
    1⤵
    • Modifies registry class
    PID:4148

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    20.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.160.190.20.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    330 B
     5

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    68.32.126.40.in-addr.arpa
    dns
    355 B
     5

    DNS Request

    68.32.126.40.in-addr.arpa

    DNS Request

    68.32.126.40.in-addr.arpa

    DNS Request

    68.32.126.40.in-addr.arpa

    DNS Request

    68.32.126.40.in-addr.arpa

    DNS Request

    68.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    355 B
     5

    DNS Request

    0.205.248.87.in-addr.arpa

    DNS Request

    0.205.248.87.in-addr.arpa

    DNS Request

    0.205.248.87.in-addr.arpa

    DNS Request

    0.205.248.87.in-addr.arpa

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    365 B
     5

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    219 B
     144 B
     3
    1

    DNS Request

    240.221.184.93.in-addr.arpa

    DNS Request

    240.221.184.93.in-addr.arpa

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    20.160.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    20.160.190.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.