Analysis Overview
SHA256
37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31
Threat Level: Known bad
The file 37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31 was found to be: Known bad.
Malicious Activity Summary
RMS
Executes dropped EXE
UPX packed file
Stops running service(s)
Sets file to hidden
Loads dropped DLL
Launches sc.exe
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Runs .reg file with regedit
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Views/modifies file attributes
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: SetClipboardViewer
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-04-18 18:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-04-18 18:02
Reported
2022-04-19 01:45
Platform
win7-20220414-en
Max time kernel
144s
Max time network
150s
Command Line
Signatures
RMS
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\ehome\ASCON\drv_install(x86).exe | N/A |
| N/A | N/A | C:\Windows\ehome\ASCON\xpsrchv.exe | N/A |
| N/A | N/A | C:\Windows\ehome\ASCON\WUDLicense.exe | N/A |
Sets file to hidden
Stops running service(s)
UPX packed file
Loads dropped DLL
Drops file in Windows directory
Launches sc.exe
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\ehome\ASCON\xpsrchv.exe | N/A |
| N/A | N/A | C:\Windows\ehome\ASCON\WUDLicense.exe | N/A |
Suspicious behavior: SetClipboardViewer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\ehome\ASCON\WUDLicense.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\ehome\ASCON\xpsrchv.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\ehome\ASCON\xpsrchv.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\ehome\ASCON\xpsrchv.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\ehome\ASCON\xpsrchv.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe | "C:\Users\Admin\AppData\Local\Temp\37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe" |
| C:\Windows\ehome\ASCON\drv_install(x86).exe | "C:\Windows\ehome\ASCON\drv_install(x86).exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c ""C:\Windows\ehome\ASCON\SystemInstall.bat" " |
| C:\Windows\SysWOW64\attrib.exe | attrib +s +h "C:\Windows\ehome\ASCON" |
| C:\Windows\SysWOW64\sc.exe | sc stop AdobeReader |
| C:\Windows\SysWOW64\sc.exe | sc stop RManService |
| C:\Windows\SysWOW64\sc.exe | sc delete AdobeReader |
| C:\Windows\SysWOW64\sc.exe | sc delete RManService |
| C:\Windows\SysWOW64\taskkill.exe | taskkill /im rfusclient.exe /f |
| C:\Windows\SysWOW64\taskkill.exe | taskkill /im rutserv.exe /f |
| C:\Windows\SysWOW64\taskkill.exe | taskkill /im WUDLicense.exe /f |
| C:\Windows\SysWOW64\taskkill.exe | taskkill /im xpsrchv.exe /f |
| C:\Windows\SysWOW64\reg.exe | reg delete "HKLM\SYSTEM\Hardware System\DeviceXPS" /f |
| C:\Windows\ehome\ASCON\xpsrchv.exe | "C:\Windows\ehome\ASCON\xpsrchv.exe" /silentinstall |
| C:\Windows\ehome\ASCON\xpsrchv.exe | "C:\Windows\ehome\ASCON\xpsrchv.exe" /firewall |
| C:\Windows\SysWOW64\regedit.exe | regedit /s "C:\Windows\ehome\ASCON\drv_set.reg" |
| C:\Windows\SysWOW64\sc.exe | sc failure WUDLicense reset= 0 actions= restart/1000/restart/1000/restart/1000 |
| C:\Windows\SysWOW64\sc.exe | sc config WUDLicense obj= LocalSystem type= interact type= own |
| C:\Windows\ehome\ASCON\xpsrchv.exe | "C:\Windows\ehome\ASCON\xpsrchv.exe" /start |
| C:\Windows\ehome\ASCON\xpsrchv.exe | C:\Windows\ehome\ASCON\xpsrchv.exe |
| C:\Windows\ehome\ASCON\WUDLicense.exe | C:\Windows\ehome\ASCON\WUDLicense.exe |
| C:\Windows\ehome\ASCON\WUDLicense.exe | C:\Windows\ehome\ASCON\WUDLicense.exe /tray |
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | rmansys.ru | udp |
| RU | 31.31.198.18:80 | rmansys.ru | tcp |
| US | 8.8.8.8:53 | rms-server.tektonit.ru | udp |
| RU | 95.213.205.83:5655 | rms-server.tektonit.ru | tcp |
Files
C:\Windows\ehome\ASCON\drv_install(x86).exe
| MD5 | a8f7d6a03fe2b4a496368be6de61e4de |
| SHA1 | 20c7ebc1285fe9e2d0912a78914f41c5b832bc13 |
| SHA256 | a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff |
| SHA512 | 3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb |
C:\Windows\ehome\ASCON\SystemInstall.bat
| MD5 | c7a1b5b843094dc26cc706be17653e9a |
| SHA1 | 8fcf9a42c1ea48557fce03c731c3e197303f407f |
| SHA256 | 059c65efe42cc3e0d847157747d07f6d0ad2c32e7bf653e7325fb8531783b9c8 |
| SHA512 | 9598082cc3ad5836d1c7cbf3101405ac96adcd05abd58c4cdb3b59ed22fe0cdf228edf20b946ad5fa3dcaecf7d27f63f1da3d26e920a1810ff00da53bb5236d2 |
C:\Windows\ehome\ASCON\xpsrchv.exe
| MD5 | 4dc099cee622d4269283da9259f0020f |
| SHA1 | 8af35092e8e562584c108bd401096e7ad4af83fe |
| SHA256 | 9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e |
| SHA512 | 71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006 |
C:\Windows\ehome\ASCON\drv_set.reg
| MD5 | 549cf43073d9edb36ab2d624fce43d71 |
| SHA1 | 50fec07a156c83e3009b394b042db44d9e575ec0 |
| SHA256 | 398b2e5c3bdd4079b8e5a7bf1712dbbdc685c650ccef0d7fde4bd66c91dd9c77 |
| SHA512 | 4395b64b65abb1218ad755a6c9a55f5e105d93758e5b4029a59dffd742a89d7908255a27c48cfb2ca2bc49a680e506c88af1e38db4399e8241a4e49ba027b8a9 |
C:\Windows\ehome\ASCON\Russian.lg
| MD5 | e44e34bc285b709f08f967325d9c8be1 |
| SHA1 | e73f05c6a980ec9d006930c5343955f89579b409 |
| SHA256 | 1d99a7b5f7b3daa61fa773972b1e335aa09b92411484f6ddc99d2b2894455a5b |
| SHA512 | 576b292b6e9cf022822443e050994462a6cbd9a3c60063bae9f54c78a84e75e17bb5eddf7e259a22a9d93f757cb6536c503762e2a30e75091e40c2756cde8727 |
C:\Windows\ehome\ASCON\vp8decoder.dll
| MD5 | d43fa82fab5337ce20ad14650085c5d9 |
| SHA1 | 678aa092075ff65b6815ffc2d8fdc23af8425981 |
| SHA256 | c022958429edd94bfe31f2eacfe24ff6b45d6f12747725c449a36116373de03b |
| SHA512 | 103e61a9f58df03316676a074487e50ec518479c11068df3736df139b85c7671048c65bce0ef2c55b3c50c61fde54e9e6c7d1b795aea71263ae94c91d4874e0d |
C:\Windows\ehome\ASCON\vp8encoder.dll
| MD5 | dab4646806dfca6d0e0b4d80fa9209d6 |
| SHA1 | 8244dfe22ec2090eee89dad103e6b2002059d16a |
| SHA256 | cb6ef96d3a66ef08ec2c8640b751a52d6d4f4530cf01162a69966f0fd5153587 |
| SHA512 | aa5eb93bf23a10de797d6fb52a55a95d36bc48927c76fedd81e0c48872745cb7f7d1b3f230eaae42fd4e79b6a59ca707e56bd6963b03644cbd5984f11e98d6e7 |
C:\Windows\ehome\ASCON\webmmux.dll
| MD5 | 9581f7064028a782182e8a4411e9afa5 |
| SHA1 | 9356d9f62fc38a1150c3cad556b2a531cd7d430b |
| SHA256 | 320a23db8d34bd2628078903d4496d4b9320d50c13d11283f77a8c3b9ec36698 |
| SHA512 | 01c5a711bd0d7cea5cae906c163b7a98c3b09b8ce5a5b52f096d806e20d7f28fe3e174eb6ba8ff630b870b1cea3d9d72905227a989d70e312d79b55644e6442c |
C:\Windows\ehome\ASCON\webmvorbisdecoder.dll
| MD5 | ec59d88c3ebda7c2ce36dcdbe4c67e5b |
| SHA1 | 8b01a5730ebda5729a57d97abec1de00c7cf0218 |
| SHA256 | 54b661f2d55f5cafccd7aca334efb89e908b3f19e3e35c9aa661221b31ec60e3 |
| SHA512 | 46963b390affcb1f6e5d42ae4f4a67a453d9048e8f8b825bb543a1c2031f1ece07d2f295d30eff51a6624bf096e0d10f8ba8d6516b28e63926f214eb7d7e5b84 |
C:\Windows\ehome\ASCON\webmvorbisencoder.dll
| MD5 | 12eba58e4c0450ccb2d9fdce22255d09 |
| SHA1 | 1f88ce0834e0bcf0f61ed0557204ef05dd577b1e |
| SHA256 | c80464f71b46411b01962b6095acd6eb2ed09ad8d6eb0a67840826a6297823b2 |
| SHA512 | 08f999aeb55968de3dacb560a25174e5a1c29eb2ea95a6fc8f770c10369263e2f8cea525f93c89a0e03954ff1221b4486641fc9a892d53a8857e9cf441ec05d4 |
C:\Windows\ehome\ASCON\WUDLicense.exe
| MD5 | 64f12becc50082532cd14498bd496a76 |
| SHA1 | a13356f88919f79fd5381eef3dd9e0b2d964a03e |
| SHA256 | 275328321b16562004a291bd7a886bcb52b3ded86ba9e146d212ca8e2296b6a9 |
| SHA512 | 81fcf12028c1aa266d4158895fdbff1b29e05124749bd45e1748994ef9921bd22e721a6f3a745866b71fea2a7b24488f5d956b22db4e7d0a2203d2ede1dacd59 |
Analysis: behavioral2
Detonation Overview
Submitted
2022-04-18 18:02
Reported
2022-04-19 01:42
Platform
win10v2004-20220310-en