Analysis
max time kernel: 125s
max time network: 154s
platform: windows10-ltsc 2021_x64
resource: win10ltsc2021-20241211-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
submitted: 18-12-2024 21:35
Behavioral tasks
behavioral1: Setup_Update/SetupUpdate.exe (resource: win10ltsc2021-20241211-en)
behavioral2: Setup_Update/hidserv.dll (resource: win10ltsc2021-20241211-en)
behavioral3: Setup_Update/hlink.dll (resource: win10ltsc2021-20241211-en)
behavioral4: Setup_Update/hmkd.dll (resource: win10ltsc2021-20241211-en)
behavioral5: Setup_Update/hnetcfg.dll (resource: win10ltsc2021-20241211-en)
General
Target: Setup_Update/hlink.dll
Size: 160KB
MD5: 8342acb306d837da7627f58159ebd910
SHA1: 90d84bb0b369d13c38d30e40b6a7c83481e330da
SHA256: 4aa272633cf76867a6029fb54c8de50441b8df3b5e11cb956edacdc0cbb19e78
SHA512: e38e174b508c43531e497d8c48dcbc7121cc4744c2680b5f17164f4340032f9336cd1ddc3049a5b33bf93663ebc9d71262b84cd73a298514bf6fd4871879a406
SSDEEP: 3072:SkvtlaOK/CxHHUpvA8Yk/j+eI6CbiMLPdJSKsQkfzB+PlhjPvp41h9dL0s2Ko2IG:SkllaOK/CtHU5A8Yk/j+eI6CbiMLPdJq
Malware Config
Signatures

Event Triggered Execution: Component Object Model Hijacking (1 TTP)
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Modifies registry class (5 IoCs)
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{79eac9d0-baf9-11ce-8c82-00aa004ba90b} | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{79eac9d0-baf9-11ce-8c82-00aa004ba90b}\InprocServer32 | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{79eac9d1-baf9-11ce-8c82-00aa004ba90b} | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{79eac9d1-baf9-11ce-8c82-00aa004ba90b}\InprocServer32 | regsvr32.exe