Malware Analysis Report

2025-03-15 08:30

Sample ID: 250225-vdz1bsxmz6
Target: dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e
SHA256: dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e
Tags: banload downloader dropper persistence privilege_escalation trojan
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e

Threat Level: Known bad

The file dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e was found to be: Known bad.

Malicious Activity Summary

banload downloader dropper persistence privilege_escalation trojan

Banload

Banload family

Event Triggered Execution: Component Object Model Hijacking

Checks BIOS information in registry

Unsigned PE

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-02-25 16:53

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2025-02-25 16:53

Reported: 2025-02-25 16:55

Platform: win7-20240729-en

Max time kernel: 16s

Max time network: 16s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\system32\regsvr32.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Windows\system32\regsvr32.exe | N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Modifies registry class

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Version\ = "1.0" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect.1\ = "Connect Class" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\CurVer\ = "NoteFavorites2021.Connect.1" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\ = "Connect Class" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\ProgID\ = "NoteFavorites2021.Connect.1" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352} | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect.1 | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\0 | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\ProgID | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ = "IConnect" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\ = "{20216402-AE2E-4A01-81A1-0F0BA89F8885}" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\CLSID | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0 | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\ProgID\ = "BDATuner.MPEG2TuneRequest.1" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Version | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\ = "Note Gem - Favorites Tab 2021 1.0 Type Library" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\Version = "1.0" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\CurVer | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\AppID = "{20216401-AE2E-4A01-81A1-0F0BA89F8885}" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\ = "{20216402-AE2E-4A01-81A1-0F0BA89F8885}" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\0\win32 | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\ = "{20216402-AE2E-4A01-81A1-0F0BA89F8885}" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Implemented Categories | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\HELPDIR | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885} | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885} | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\ProgID | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Programmable | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect.1\CLSID | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\VersionIndependentProgID\ = "NoteFavorites2021.Connect" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\Version = "1.0" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\ = "BDA Tuning Model MPEG2 Tune Request" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\TypeLib\ = "{9B085638-018E-11D3-9D8E-00C04F72D980}" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect.1\CLSID\ = "{20216401-AE2E-4A01-81A1-0F0BA89F8885}" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885} | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\FLAGS | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\FLAGS\ = "0" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885} | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ = "IConnect" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\InprocServer32\ = "C:\\Windows\\System32\\msvidctl.dll" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\InprocServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584} | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\VersionIndependentProgID\ = "BDATuner.MPEG2TuneRequest" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\ = "Connect Class" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\CLSID\ = "{20216401-AE2E-4A01-81A1-0F0BA89F8885}" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\Programmable | C:\Windows\system32\regsvr32.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: 33 | N/A | C:\Windows\system32\regsvr32.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\regsvr32.exe | N/A

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll

Network

N/A

Files

memory/1656-0-0x0000000002B40000-0x0000000002D2A000-memory.dmp

memory/1656-10-0x0000000180000000-0x0000000180505000-memory.dmp

memory/1656-12-0x0000000180000000-0x0000000180505000-memory.dmp

memory/1656-15-0x0000000180000000-0x0000000180505000-memory.dmp

memory/1656-13-0x0000000180000000-0x0000000180505000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2025-02-25 16:53

Reported: 2025-02-25 16:55

Platform: win10v2004-20250217-en

Max time kernel: 138s

Max time network: 138s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\system32\regsvr32.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Windows\system32\regsvr32.exe | N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Modifies registry class

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\VersionIndependentProgID\ = "NoteFavorites2021.Connect" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\FLAGS\ = "0" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885} | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\Version = "1.0" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect.1\CLSID\ = "{20216401-AE2E-4A01-81A1-0F0BA89F8885}" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\CurVer | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\FLAGS | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\0 | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ = "IConnect" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\ = "{20216402-AE2E-4A01-81A1-0F0BA89F8885}" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885} | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\ = "Note Gem - Favorites Tab 2021 1.0 Type Library" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\0\win32 | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584} | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\ProgID | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ = "IConnect" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\ = "Connect Class" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\Programmable | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885} | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\ = "{20216402-AE2E-4A01-81A1-0F0BA89F8885}" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885} | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\ = "{20216402-AE2E-4A01-81A1-0F0BA89F8885}" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect.1\CLSID | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\CurVer\ = "NoteFavorites2021.Connect.1" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\ = "Connect Class" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\AppID = "{20216401-AE2E-4A01-81A1-0F0BA89F8885}" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\ProgID\ = "NoteFavorites2021.Connect.1" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\InprocServer32\ = "C:\\Windows\\System32\\InputMethod\\SHARED\\ChxUserDictDS.dll" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\InprocServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect.1\ = "Connect Class" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\CLSID\ = "{20216401-AE2E-4A01-81A1-0F0BA89F8885}" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0 | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\Version = "1.0" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\ = "ChxUserDictDS" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect.1 | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\CLSID | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\HELPDIR | C:\Windows\system32\regsvr32.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: 33 | N/A | C:\Windows\system32\regsvr32.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\regsvr32.exe | N/A

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp

Files

memory/788-0-0x00000000030A0000-0x000000000328A000-memory.dmp

memory/788-10-0x0000000180000000-0x0000000180505000-memory.dmp

memory/788-12-0x0000000180000000-0x0000000180505000-memory.dmp

memory/788-13-0x0000000180000000-0x0000000180505000-memory.dmp

memory/788-15-0x0000000180000000-0x0000000180505000-memory.dmp