Analysis

  • max time kernel
    125s
  • max time network
    154s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    18-12-2024 21:35

General

  • Target

    Setup_Update/hlink.dll

  • Size

    160KB

  • MD5

    8342acb306d837da7627f58159ebd910

  • SHA1

    90d84bb0b369d13c38d30e40b6a7c83481e330da

  • SHA256

    4aa272633cf76867a6029fb54c8de50441b8df3b5e11cb956edacdc0cbb19e78

  • SHA512

    e38e174b508c43531e497d8c48dcbc7121cc4744c2680b5f17164f4340032f9336cd1ddc3049a5b33bf93663ebc9d71262b84cd73a298514bf6fd4871879a406

  • SSDEEP

    3072:SkvtlaOK/CxHHUpvA8Yk/j+eI6CbiMLPdJSKsQkfzB+PlhjPvp41h9dL0s2Ko2IG:SkllaOK/CtHU5A8Yk/j+eI6CbiMLPdJq

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Modifies registry class 5 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Setup_Update\hlink.dll
    1⤵
    • Modifies registry class
    PID:1712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads