54901f287b0c453752404b2f76d9576ee1bf4ef31f66f8fa14422af77ec8577c

Analysis

max time kernel
92s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54901f287b0c453752404b2f76d9576ee1bf4ef31f66f8fa14422af77ec8577c.dll
Size

1.2MB
MD5

dd931166c1ba8aa98c30dc2fd62fd405
SHA1

ddb7c4fa9acfaa7498e620a97be9f8f7de85362d
SHA256

54901f287b0c453752404b2f76d9576ee1bf4ef31f66f8fa14422af77ec8577c
SHA512

3aa2c5a7aa3cca21345a1d243e83a05f2bf9db5a9e000ccc1da6286ac9a6ffe099b718969a5cc17ff9da3df736f1cf99414e08b3464d56208c68c35fc602d32a
SSDEEP

12288:I4G/LPTco5LQ5u56r1Dsa9m54YYJqyh6qhsud23fe2skCSXf4bH/Qk22QA9YN:I4G/LP5+uIr1Qh57N0rQA9YN

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F1E50292-A795-4117-8E09-2B560A72AC60}\ProxyStubClsid32\ = "{79EAC9F1-BAF9-11CE-8C82-00AA004BA90B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A39EE748-6A27-4817-A6F2-13914BEF5890}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D0-BAF9-11CE-8C82-00AA004BA90B}\ProxyStubClsid32\ = "{79EAC9F1-BAF9-11CE-8C82-00AA004BA90B}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2AD1EDAF-D83D-48B5-9ADF-03DBE19F53BD}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC4801A1-2BA9-11CF-A229-00AA003D7352}\ = "IBindHost"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC4801A1-2BA9-11CF-A229-00AA003D7352}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5CA5F7F-1847-4D87-9C5B-918509F7511D}\ = "IMonikerProp"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A39EE748-6A27-4817-A6F2-13914BEF5890}\ = "IUri"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9C0-BAF9-11CE-8C82-00AA004BA90B}\ProxyStubClsid32\ = "{79EAC9F1-BAF9-11CE-8C82-00AA004BA90B}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC4801A1-2BA9-11CF-A229-00AA003D7352}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9C9-BAF9-11CE-8C82-00AA004BA90B}\NumMethods\ = "9"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F164EDF1-CC7C-4F0D-9A94-34222625C393}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAA74EF9-8EE7-4659-88D9-F8C504DA73CC}\ = "IBindStatusCallbackEx"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D0-BAF9-11CE-8C82-00AA004BA90B}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5CA5F7F-1847-4D87-9C5B-918509F7511D}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F9F9FCB-E0F4-48EB-B7AB-FA2EA9365CB4}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D6-BAFA-11CE-8C82-00AA004BA90B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F1E50292-A795-4117-8E09-2B560A72AC60}\NumMethods\ = "16"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A39EE748-6A27-4817-A6F2-13914BEF5890}\NumMethods\ = "28"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A39EE748-6A27-4817-A6F2-13914BEF5890}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A39EE748-6A27-4817-A6F2-13914BEF5890}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9C9-BAF9-11CE-8C82-00AA004BA90B}\ProxyStubClsid32\ = "{79EAC9F1-BAF9-11CE-8C82-00AA004BA90B}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9C1-BAF9-11CE-8C82-00AA004BA90B}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D8-BAFA-11CE-8C82-00AA004BA90B}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9C0-BAF9-11CE-8C82-00AA004BA90B}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9C0-BAF9-11CE-8C82-00AA004BA90B}\NumMethods\ = "9"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F164EDF1-CC7C-4F0D-9A94-34222625C393}\NumMethods\ = "12"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2AD1EDAF-D83D-48B5-9ADF-03DBE19F53BD}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9EE-BAF9-11CE-8C82-00AA004BA90B}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D2-BAF9-11CE-8C82-00AA004BA90B}\ProxyStubClsid32\ = "{79EAC9F1-BAF9-11CE-8C82-00AA004BA90B}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F9F9FCB-E0F4-48EB-B7AB-FA2EA9365CB4}\ProxyStubClsid32\ = "{79EAC9F1-BAF9-11CE-8C82-00AA004BA90B}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D2-BAF9-11CE-8C82-00AA004BA90B}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D6-BAFA-11CE-8C82-00AA004BA90B}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9C9-BAF9-11CE-8C82-00AA004BA90B}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAA74EF9-8EE7-4659-88D9-F8C504DA73CC}\ProxyStubClsid32\ = "{79EAC9F1-BAF9-11CE-8C82-00AA004BA90B}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D0-BAF9-11CE-8C82-00AA004BA90B}\ = "IAuthenticate"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2AD1EDAF-D83D-48B5-9ADF-03DBE19F53BD}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F9F9FCB-E0F4-48EB-B7AB-FA2EA9365CB4}\ = "IHttpNegotiate2"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A39EE748-6A27-4817-A6F2-13914BEF5890}\ProxyStubClsid32\ = "{79EAC9F1-BAF9-11CE-8C82-00AA004BA90B}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAA74EF9-8EE7-4659-88D9-F8C504DA73CC}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC4801A1-2BA9-11CF-A229-00AA003D7352}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D8-BAFA-11CE-8C82-00AA004BA90B}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5CA5F7F-1847-4D87-9C5B-918509F7511D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D6-BAFA-11CE-8C82-00AA004BA90B}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D6-BAFA-11CE-8C82-00AA004BA90B}\NumMethods\ = "4"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAA74EF9-8EE7-4659-88D9-F8C504DA73CC}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D2-BAF9-11CE-8C82-00AA004BA90B}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F164EDF1-CC7C-4F0D-9A94-34222625C393}\ = "IInternetSecurityManagerEx"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F1E50292-A795-4117-8E09-2B560A72AC60}\ = "IInternetSecurityManagerEx2"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D6-BAFA-11CE-8C82-00AA004BA90B}\ProxyStubClsid32\ = "{79EAC9F1-BAF9-11CE-8C82-00AA004BA90B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9C1-BAF9-11CE-8C82-00AA004BA90B}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D6-BAFA-11CE-8C82-00AA004BA90B}\ = "IWinInetInfo"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D0-BAF9-11CE-8C82-00AA004BA90B}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D8-BAFA-11CE-8C82-00AA004BA90B}\ = "IWinInetHttpInfo"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9C9-BAF9-11CE-8C82-00AA004BA90B}\ = "IPersistMoniker"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9EE-BAF9-11CE-8C82-00AA004BA90B}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F164EDF1-CC7C-4F0D-9A94-34222625C393}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D0-BAF9-11CE-8C82-00AA004BA90B}\NumMethods\ = "4"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D2-BAF9-11CE-8C82-00AA004BA90B}\NumMethods\ = "5"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5CA5F7F-1847-4D87-9C5B-918509F7511D}\ProxyStubClsid32\ = "{79EAC9F1-BAF9-11CE-8C82-00AA004BA90B}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9D0-BAF9-11CE-8C82-00AA004BA90B}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC4801A1-2BA9-11CF-A229-00AA003D7352}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79EAC9EE-BAF9-11CE-8C82-00AA004BA90B}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F1E50292-A795-4117-8E09-2B560A72AC60}	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\54901f287b0c453752404b2f76d9576ee1bf4ef31f66f8fa14422af77ec8577c.dll
1⤵
- Modifies registry class
PID:2080

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads