049a92c5cc5b81645504e2ef4107ca6c079dd2d9007524c8e278a52d541e3530

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

049a92c5cc5b81645504e2ef4107ca6c079dd2d9007524c8e278a52d541e3530.dll
Size

59KB
MD5

11b6012ca7147d923865623508141d3d
SHA1

6758b41b2b9c239f066f031d8b0abcf49384defd
SHA256

049a92c5cc5b81645504e2ef4107ca6c079dd2d9007524c8e278a52d541e3530
SHA512

dd0b3af74fc15e1399880e6d26201295a3aa0a50f37351c4079b77bda0d19e4f326f7d984aa919baddde3050956e85e36167b1fe0d17c6c20c80e85edabce2c9
SSDEEP

768:QHOlwY1ZscptqnVcsPBwD3Ai4qDPmt/ZyHRVbHOlwY:QuxsItqQ3AiG/ZyHRpu

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3440	hrl6DB3.tmp
4288	nsztsq.exe

Loads dropped DLL 1 IoCs

pid	Process
4288	nsztsq.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\gei33.dll	nsztsq.exe
File created	C:\Windows\SysWOW64\nsztsq.exe	hrl6DB3.tmp
File opened for modification	C:\Windows\SysWOW64\nsztsq.exe	hrl6DB3.tmp

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 4860	4656	rundll32.exe	81
PID 4656 wrote to memory of 4860	4656	rundll32.exe	81
PID 4656 wrote to memory of 4860	4656	rundll32.exe	81
PID 4860 wrote to memory of 3440	4860	rundll32.exe	82
PID 4860 wrote to memory of 3440	4860	rundll32.exe	82
PID 4860 wrote to memory of 3440	4860	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\049a92c5cc5b81645504e2ef4107ca6c079dd2d9007524c8e278a52d541e3530.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\049a92c5cc5b81645504e2ef4107ca6c079dd2d9007524c8e278a52d541e3530.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4860
- - C:\Users\Admin\AppData\Local\Temp\hrl6DB3.tmp
    C:\Users\Admin\AppData\Local\Temp\hrl6DB3.tmp
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    PID:3440

C:\Windows\SysWOW64\nsztsq.exe
C:\Windows\SysWOW64\nsztsq.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:4288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hrl6DB3.tmp

Filesize
49KB

MD5
ad9d6bf90e5b32af7a6df0b8b31be50e

SHA1
dcef7ca1105e14c139dc1622ab7f1364cc3c8a83

SHA256
597ac8ceadf7971d7e5c75adfe746811ca33863f7a4ac660f83f29c9d71a1287

SHA512
1d35eb963a9ced857744973ee534613e5882c4900ee81eba514dafe58e8897a679632a2057b488b962f7a816c406e74714a7c4707bba5005f8c09ced697fa714

Download Submit
C:\Users\Admin\AppData\Local\Temp\hrl6DB3.tmp

Filesize
49KB

MD5
ad9d6bf90e5b32af7a6df0b8b31be50e

SHA1
dcef7ca1105e14c139dc1622ab7f1364cc3c8a83

SHA256
597ac8ceadf7971d7e5c75adfe746811ca33863f7a4ac660f83f29c9d71a1287

SHA512
1d35eb963a9ced857744973ee534613e5882c4900ee81eba514dafe58e8897a679632a2057b488b962f7a816c406e74714a7c4707bba5005f8c09ced697fa714

Download Submit
C:\Windows\SysWOW64\gei33.dll

Filesize
59KB

MD5
11b6012ca7147d923865623508141d3d

SHA1
6758b41b2b9c239f066f031d8b0abcf49384defd

SHA256
049a92c5cc5b81645504e2ef4107ca6c079dd2d9007524c8e278a52d541e3530

SHA512
dd0b3af74fc15e1399880e6d26201295a3aa0a50f37351c4079b77bda0d19e4f326f7d984aa919baddde3050956e85e36167b1fe0d17c6c20c80e85edabce2c9

Download Submit
C:\Windows\SysWOW64\nsztsq.exe

Filesize
49KB

MD5
ad9d6bf90e5b32af7a6df0b8b31be50e

SHA1
dcef7ca1105e14c139dc1622ab7f1364cc3c8a83

SHA256
597ac8ceadf7971d7e5c75adfe746811ca33863f7a4ac660f83f29c9d71a1287

SHA512
1d35eb963a9ced857744973ee534613e5882c4900ee81eba514dafe58e8897a679632a2057b488b962f7a816c406e74714a7c4707bba5005f8c09ced697fa714

Download Submit
C:\Windows\SysWOW64\nsztsq.exe

Filesize
49KB

MD5
ad9d6bf90e5b32af7a6df0b8b31be50e

SHA1
dcef7ca1105e14c139dc1622ab7f1364cc3c8a83

SHA256
597ac8ceadf7971d7e5c75adfe746811ca33863f7a4ac660f83f29c9d71a1287

SHA512
1d35eb963a9ced857744973ee534613e5882c4900ee81eba514dafe58e8897a679632a2057b488b962f7a816c406e74714a7c4707bba5005f8c09ced697fa714

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads