Overview
overview
7Static
static
3alert.html
windows7-x64
3alert.html
windows10-2004-x64
3bidvertizer.html
windows7-x64
3bidvertizer.html
windows10-2004-x64
3code/advertising.js
windows7-x64
3code/advertising.js
windows10-2004-x64
3code/alert.js
windows7-x64
3code/alert.js
windows10-2004-x64
3code/animation.js
windows7-x64
3code/animation.js
windows10-2004-x64
3code/flyout.js
windows7-x64
3code/flyout.js
windows10-2004-x64
3code/gadget.js
windows7-x64
3code/gadget.js
windows10-2004-x64
3code/heart_menu.js
windows7-x64
3code/heart_menu.js
windows10-2004-x64
3code/settings.js
windows7-x64
3code/settings.js
windows10-2004-x64
3code/update.js
windows7-x64
3code/update.js
windows10-2004-x64
3code/utils.js
windows7-x64
3code/utils.js
windows10-2004-x64
3gadget.html
windows7-x64
3gadget.html
windows10-2004-x64
3gadget32.dll
windows7-x64
7gadget32.dll
windows10-2004-x64
7gadget64.dll
windows7-x64
7gadget64.dll
windows10-2004-x64
7index2.html
windows7-x64
3index2.html
windows10-2004-x64
3Analysis
-
max time kernel
120s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
14/09/2024, 14:34
Static task
static1
Behavioral task
behavioral1
Sample
alert.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
alert.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
bidvertizer.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
bidvertizer.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
code/advertising.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
code/advertising.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
code/alert.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
code/alert.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
code/animation.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
code/animation.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
code/flyout.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
code/flyout.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
code/gadget.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
code/gadget.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
code/heart_menu.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
code/heart_menu.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
code/settings.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral18
Sample
code/settings.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
code/update.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
code/update.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
code/utils.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
code/utils.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
gadget.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
gadget.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
gadget32.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral26
Sample
gadget32.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
gadget64.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral28
Sample
gadget64.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
index2.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
index2.html
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
gadget64.dll
-
Size
99KB
-
MD5
bb97a1f12083f49d0c337d1221448bab
-
SHA1
4f8e769bdce874fef3b715749c1568393dc62919
-
SHA256
c3a962b989beeaaee31127dc133a90c191e670be65894baeccbd5ae9637d4f06
-
SHA512
1578b273a9321439ebb7cc55e2523b14379666b4baec096900de31e39bc899b5de970bcbbce773c444e781f98134d09f3464426ca595403f1c31ba210d8b4a43
-
SSDEEP
1536:EWPVJJT8Sa48UU4w/rgQKcfaL30q/VDELarEzQ45fbYM:DPbV8S+UUDjg1cfaLhuLarEM45fbt
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies registry class 55 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E}\TypeLib regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\AppID regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gadget64.dll" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\TypeLib\{58BC2530-5347-4CF9-B389-F72D0F2CD68F} regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\TypeLib\{58BC2530-5347-4CF9-B389-F72D0F2CD68F}\1.0\ = "gadget 1.0 Type Library" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\AppID\gadget.DLL regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\AppID\gadget.DLL\AppID = "{D880F057-504C-44AB-8D0C-3AB77A4E5294}" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Wow6432Node\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E}\TypeLib\ = "{58BC2530-5347-4CF9-B389-F72D0F2CD68F}" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\gadget.DcGadgetHelper\CLSID\ = "{3980AD37-207D-455D-88E5-BEC590BA4C6E}" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E}\ProgID\ = "gadget.DcGadgetHelper.1" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E}\ = "IDcGadgetHelper" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Wow6432Node\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E} regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\TypeLib\{58BC2530-5347-4CF9-B389-F72D0F2CD68F}\1.0\FLAGS\ = "0" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\gadget.DcGadgetHelper\CLSID regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E}\ = "DcGadgetHelper Class" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E}\TypeLib regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\TypeLib regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\gadget.DcGadgetHelper\CurVer regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\TypeLib\{58BC2530-5347-4CF9-B389-F72D0F2CD68F}\1.0\FLAGS regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Interface regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Wow6432Node regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\gadget.DcGadgetHelper\CurVer\ = "gadget.DcGadgetHelper.1" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E}\ProgID regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Wow6432Node\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\AppID\{D880F057-504C-44AB-8D0C-3AB77A4E5294} regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\AppID\{D880F057-504C-44AB-8D0C-3AB77A4E5294}\ = "gadget" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\gadget.DcGadgetHelper.1\CLSID\ = "{3980AD37-207D-455D-88E5-BEC590BA4C6E}" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E}\TypeLib\ = "{58BC2530-5347-4CF9-B389-F72D0F2CD68F}" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E} regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E}\VersionIndependentProgID\ = "gadget.DcGadgetHelper" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E}\Programmable regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E}\InprocServer32 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\TypeLib\{58BC2530-5347-4CF9-B389-F72D0F2CD68F}\1.0\0 regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\gadget.DcGadgetHelper.1\ = "DcGadgetHelper Class" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\gadget.DcGadgetHelper.1\CLSID regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E}\VersionIndependentProgID regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\gadget.DcGadgetHelper\ = "DcGadgetHelper Class" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\TypeLib\{58BC2530-5347-4CF9-B389-F72D0F2CD68F}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gadget64.dll" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Wow6432Node\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E}\ = "IDcGadgetHelper" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\TypeLib\{58BC2530-5347-4CF9-B389-F72D0F2CD68F}\1.0 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\TypeLib\{58BC2530-5347-4CF9-B389-F72D0F2CD68F}\1.0\0\win64 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Wow6432Node\Interface regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\gadget.DcGadgetHelper regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E} regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E}\TypeLib\ = "{58BC2530-5347-4CF9-B389-F72D0F2CD68F}" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\gadget.DcGadgetHelper.1 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\TypeLib\{58BC2530-5347-4CF9-B389-F72D0F2CD68F}\1.0\HELPDIR regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Wow6432Node\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\TypeLib\{58BC2530-5347-4CF9-B389-F72D0F2CD68F}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Wow6432Node\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Wow6432Node\Interface\{6E0C8300-BD0D-417E-9D2C-369530871A7E}\TypeLib regsvr32.exe