Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240910-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240910-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/09/2024, 19:51

General

  • Target

    EqualizerAPO.dll

  • Size

    620KB

  • MD5

    30cd687d92a837e9ced52ed63cbfff9f

  • SHA1

    41c6b468891442f1dd34128bb58917d983fd1bb3

  • SHA256

    82597002b0ece342862dc32085b44c0ab3cb6f669b075eb2840f99f46ccd2630

  • SHA512

    6ee8085db534dd688abab6cb99a08a8d2ab7297120097dd789a9e6a5b9d401ce5ee916f2aa4dd1db89a1ad957bba127789efd2d53cee23df1ef008f19565674e

  • SSDEEP

    6144:NQpKDWC5QWiSFkD5hR1OM9rv58nIOMtY0mw3dSH/mRt0OCKflL0yoqUmUNUAPXTp:upo/RDU5hrO85lOMhmwsSP7bA/TYaZF

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Modifies registry class 37 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\EqualizerAPO.dll
    • Modifies registry class
    PID:3860
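The two signatures above are what any `regsvr32` registration of a COM in-process server produces: `DllRegisterServer` writes the `Software\Classes\CLSID\{...}\InprocServer32` keys, so "Modifies registry class" and the COM-hijacking TTP fire for legitimate installers as well as for persistence implants. What separates the two is where the registered server path points (a user-writable directory such as `AppData\Local\Temp`, as in the command line here) and whether the registration is per-user (`HKCU`, which shadows an existing `HKLM` CLSID). The following triage script is an added example, not part of this report or of the analysed sample; it runs the checks over constructed Sysmon Event ID 13 (RegistryEvent SetValue) records, and the CLSIDs and paths in the sample data are invented for illustration.

```python
import re

# Constructed Sysmon Event ID 13 (RegistryEvent: SetValue) records, modelled on
# the Software\Classes keys a COM server registration writes. Sample data for
# this example only; not the 37 registry IoCs from the report above.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\system32\regsvr32.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)",
     "Details": r"C:\Users\Admin\AppData\Local\Temp\EqualizerAPO.dll"},
    {"Image": r"C:\Windows\system32\regsvr32.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\ThreadingModel",
     "Details": "Both"},
    {"Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\CLSID\{66666666-7777-8888-9999-000000000000}\InprocServer32\(Default)",
     "Details": r"C:\Program Files\Vendor\plugin.dll"},
    {"Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Classes\CLSID\{66666666-7777-8888-9999-000000000000}\InprocServer32\(Default)",
     "Details": r"C:\Users\Admin\AppData\Roaming\plugin.dll"},
]

# Matches writes under a CLSID's InprocServer32/LocalServer32 key. Sysmon reports
# per-user hives as HKU\<SID>\..., so that form is accepted alongside HKCU.
CLSID_SERVER_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU|HKU\\[^\\]+)\\Software\\Classes\\(?:Wow6432Node\\)?"
    r"CLSID\\(?P<clsid>\{[0-9A-F-]{36}\})\\(?P<server>InprocServer32|LocalServer32)\\(?P<value>.+)$",
    re.IGNORECASE,
)

# Directory markers a standard user can write to; a COM server loaded from here
# can be replaced without administrative rights.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_server_registration(target_object):
    """Return (hive, clsid, server_type, value_name) for a CLSID server key write, else None."""
    m = CLSID_SERVER_RE.match(target_object)
    if not m:
        return None
    return m["hive"].upper(), m["clsid"].upper(), m["server"], m["value"]


def is_user_writable(path):
    """Heuristic: server path under a user-writable directory or on a UNC share."""
    p = path.lower()
    return p.startswith("\\\\") or any(marker in p for marker in USER_WRITABLE_MARKERS)


def assess_event(event, machine_registrations):
    """Return the reasons this SetValue looks like COM hijacking (empty list if unremarkable)."""
    parsed = parse_server_registration(event["TargetObject"])
    if parsed is None:
        return []
    hive, clsid, server, value_name = parsed
    if value_name.lower() != "(default)":      # ThreadingModel etc. carry no server path
        return []
    reasons = []
    if is_user_writable(event["Details"]):
        reasons.append(f"{server} points into a user-writable location: {event['Details']}")
    if hive.startswith(("HKCU", "HKU")):
        reasons.append("per-user CLSID registration (HKCU shadows HKLM for this CLSID)")
        if clsid in machine_registrations:
            reasons.append(f"overrides existing machine-wide server {machine_registrations[clsid]}")
    return reasons


def find_com_hijack_candidates(events):
    """Run the checks over Sysmon EventID 13 records and return the flagged ones."""
    # Machine-wide servers seen in the same batch; on a live host you would read
    # HKLM\SOFTWARE\Classes\CLSID directly instead of relying on the event stream.
    machine = {}
    for ev in events:
        parsed = parse_server_registration(ev["TargetObject"])
        if parsed and parsed[0] == "HKLM" and parsed[3].lower() == "(default)":
            machine[parsed[1]] = ev["Details"]
    findings = []
    for ev in events:
        reasons = assess_event(ev, machine)
        if reasons:
            findings.append({"image": ev["Image"], "target": ev["TargetObject"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_com_hijack_candidates(SAMPLE_EVENTS):
        print(finding["image"], "->", finding["target"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

On the constructed data the `regsvr32` registration is flagged only for its `Temp` path (one reason), while the per-user `HKCU` write that re-points an already registered CLSID at a DLL under `AppData\Roaming` collects three; the vendor install into `Program Files` is not reported. Treat a single "user-writable path" hit the way the signature above should be treated: as a prompt to check the DLL's authenticode signature and origin, not as a verdict.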

Network

MITRE ATT&CK Enterprise v15
