Analysis

  • max time kernel
    92s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-11-2024 11:31

General

  • Target

    assets/WsUpgrade.dll

  • Size

    201KB

  • MD5

    9d99b0e88cc4eaa43141dea9e31ed3be

  • SHA1

    442e48476650e97cfac8e8088a7315b9804be0c1

  • SHA256

    061de26f44da62a17eecb71f078ef90a9c8784e7c58500984314c74b32c12e46

  • SHA512

    2a0cd7adf67e535cf4a40988d6da4ee69970694875504ea7f7e68cef19e01675557bd3021d867c2bb837d1c3e8287d710259c921967324255c53d0351c6d48df

  • SSDEEP

    3072:a0qV+qDh/7k8Rr92ZSbTP6c27UxDOUreaNQbmOhG7/tfxvharBjnt:a0qVHV1IwTPrFtOe/tzarB7

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Modifies registry class 27 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\assets\WsUpgrade.dll
    1⤵
    • Modifies registry class
    PID:3520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads