Overview
overview
5Static
static
3EzExtractSetup.exe
windows10-2004-x64
4EzExtractSetup.exe
windows11-21h2-x64
4$PLUGINSDIR/INetC.dll
windows10-2004-x64
3$PLUGINSDIR/INetC.dll
windows11-21h2-x64
3$PLUGINSDI...in.dll
windows10-2004-x64
3$PLUGINSDI...in.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDI...st.exe
windows10-2004-x64
4$PLUGINSDI...st.exe
windows11-21h2-x64
4$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3GoogleUpdateSetup.exe
windows10-2004-x64
4GoogleUpdateSetup.exe
windows11-21h2-x64
4$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows11-21h2-x64
3EzExtractP...ll.dll
windows10-2004-x64
1EzExtractP...ll.dll
windows11-21h2-x64
1EzExtractProShell.dll
windows10-2004-x64
5EzExtractProShell.dll
windows11-21h2-x64
5EzExtractP...32.dll
windows10-2004-x64
3EzExtractP...32.dll
windows11-21h2-x64
3Analysis
-
max time kernel
96s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
01-10-2024 11:59
Static task
static1
Behavioral task
behavioral1
Sample
EzExtractSetup.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
EzExtractSetup.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/INetC.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/NsisPlugin.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/NsisPlugin.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/gcinst.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/gcinst.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
GoogleUpdateSetup.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
GoogleUpdateSetup.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
EzExtractProCoreDll.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
EzExtractProCoreDll.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
EzExtractProShell.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
EzExtractProShell.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
EzExtractProShell32.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
EzExtractProShell32.dll
Resource
win11-20240802-en
windows11-21h2-x64
General
-
Target
EzExtractProShell.dll
-
Size
167KB
-
MD5
968e162057c49c860813e465bfd3c2fa
-
SHA1
78e5b2e365a3cd7bd3f7fc4dfd9991568ee2ec8d
-
SHA256
08ccd848487f570175e3c5b8fa70b04ce30e3afb9f43b4105180e2eb079c85c6
-
SHA512
5c41164239607fd32393742943e588d461b8a1d276d9e8142929aa7a22b6f5a82a723b2fff0389ed84677cb9ea9cbf1d793a66d27c367b8f7b9909a242f94eec
-
SSDEEP
3072:Bq7Kl734yjiELlcCQyUTaM+iK5BVlnJPO4RD5Hb0CreXKL6XSV:BZB34yjBBjQyUdO3VNN5wLK
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\shellex regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.cab\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jar\shellex regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.bz2\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.iso\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EzExtractProShell.dll" regsvr32.exe Key created \REGISTRY\MACHINE\Software\Classes\EzExtractPro.Archive\DefaultIcon regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.bgz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jar regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rar\shellex regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lz\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ManualSafeSave = "1" regsvr32.exe Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.x\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.iso regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue\shellex regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz\shellex regsvr32.exe Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.cab\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jar\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx\shellex regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj\shellex regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.cab\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.gz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.lz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bgz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bgz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tar\shellex regsvr32.exe