Overview

overview

10

Static

static

3

Loader_dll...es.dll

windows10-2004-x64

1

Loader_dll...ce.dll

windows10-2004-x64

7

Loader_dll...er.dll

windows10-2004-x64

1

Loader_dll...st.dll

windows10-2004-x64

1

Loader_dll...cs.dll

windows10-2004-x64

1

Loader_dll...47.dll

windows10-2004-x64

1

Loader_dll...12.exe

windows7-x64

1

Loader_dll...12.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-11-2024 19:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loader_dll/TableTextService.dll

  • Size

    649KB

  • MD5

    ac46ab38c3258e6e201243546a705cc9

  • SHA1

    6df36de077c38ae6039b1682c940e7694cd40700

  • SHA256

    73762426730d7ee614e5d98e9722da1d52bd1dcbed0c735a5cf74d07e8e76a10

  • SHA512

    18def451851e5210ab7724cf0c92c2b4cf003df83cb3857e990c84a6fd3cb84d48e79df1bac0d216429abadcef1a85504e7cc9c7e591ba95f4e86ccd618f2ff4

  • SSDEEP

    6144:YZZ4gPlUMNfNBepnXotTcHFpOFhl5d39rIX/ZZQ:YZbWMN3eKtTclUFhfdtc/ZK

Score
7/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Modifies registry class 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Loader_dll\TableTextService.dll
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads