77374fb48cda6e8739732672bbe6fed90e2e4a0ceed0a4e460f193135485fe50

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EqualizerAPO.dll
Size

620KB
MD5

30cd687d92a837e9ced52ed63cbfff9f
SHA1

41c6b468891442f1dd34128bb58917d983fd1bb3
SHA256

82597002b0ece342862dc32085b44c0ab3cb6f669b075eb2840f99f46ccd2630
SHA512

6ee8085db534dd688abab6cb99a08a8d2ab7297120097dd789a9e6a5b9d401ce5ee916f2aa4dd1db89a1ad957bba127789efd2d53cee23df1ef008f19565674e
SSDEEP

6144:NQpKDWC5QWiSFkD5hR1OM9rv58nIOMtY0mw3dSH/mRt0OCKflL0yoqUmUNUAPXTp:upo/RDU5hrO85lOMhmwsSP7bA/TYaZF

Score

7^/10

persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Modifies registry class 37 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MajorVersion = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MinInputConnections = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\APOInterface0 = "{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MinorVersion = "0"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MinOutputConnections = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\NumAPOInterfaces = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\Copyright = "Copyright (C) 2015"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\Flags = "13"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MaxInputConnections = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\NumAPOInterfaces = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MinorVersion = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\APOInterface0 = "{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MajorVersion = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MinOutputConnections = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EqualizerAPO.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\FriendlyName = "EqualizerAPO"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MaxOutputConnections = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MaxInputConnections = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\ = "EqualizerAPO Post-Mix Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\ = "EqualizerAPO Pre-Mix Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MaxInstances = "4294967295"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\Copyright = "Copyright (C) 2015"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MaxOutputConnections = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\InprocServer32	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MinInputConnections = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\FriendlyName = "EqualizerAPO"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\Flags = "13"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EqualizerAPO.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MaxInstances = "4294967295"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\EqualizerAPO.dll
1⤵
- Modifies registry class
PID:3860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads