8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8

Analysis

max time kernel
70s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21/11/2022, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe
Size

3.7MB
MD5

9470e1116d2c7da72ef0e52d1c909534
SHA1

a0abc9cb5909c54f0726d585cc4c44e958fce5b8
SHA256

8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8
SHA512

071d9e38f9cdbfe1158d8f5c550fe18a12f8a7cc60b37c68a2042c535050bdeec00441329de7676ecef855f7d8a349c0f8f5d7366501a9389831c9ba1afdba8b
SSDEEP

98304:ZxEgqflG4MapMQqH96dLB4bWAPcmQrM2Ocz0x4MTdv6otjZWzfl2Qg:shxW0BKP8TI4awotwwB

Score

8^/10

ransomware

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1504	asrv.exe

Loads dropped DLL 16 IoCs

pid	Process
992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe
992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe
1504	asrv.exe
1504	asrv.exe
1504	asrv.exe
1504	asrv.exe
1504	asrv.exe
1504	asrv.exe
1504	asrv.exe
1504	asrv.exe
1504	asrv.exe
1504	asrv.exe
1504	asrv.exe
1504	asrv.exe
1504	asrv.exe
1504	asrv.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Desktop\General	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\Users\\Admin\\Pictures\\My Wallpaper.jpg"	regsvr32.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
1888	reg.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1504	asrv.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1504	asrv.exe
1504	asrv.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1504	asrv.exe
1504	asrv.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe
992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 992 wrote to memory of 1888	992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe	27
PID 992 wrote to memory of 1888	992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe	27
PID 992 wrote to memory of 1888	992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe	27
PID 992 wrote to memory of 1888	992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe	27
PID 992 wrote to memory of 1300	992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe	29
PID 992 wrote to memory of 1300	992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe	29
PID 992 wrote to memory of 1300	992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe	29
PID 992 wrote to memory of 1300	992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe	29
PID 1300 wrote to memory of 688	1300	cmd.exe	31
PID 1300 wrote to memory of 688	1300	cmd.exe	31
PID 1300 wrote to memory of 688	1300	cmd.exe	31
PID 1300 wrote to memory of 688	1300	cmd.exe	31
PID 1300 wrote to memory of 688	1300	cmd.exe	31
PID 1300 wrote to memory of 688	1300	cmd.exe	31
PID 1300 wrote to memory of 688	1300	cmd.exe	31
PID 992 wrote to memory of 1504	992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe	32
PID 992 wrote to memory of 1504	992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe	32
PID 992 wrote to memory of 1504	992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe	32
PID 992 wrote to memory of 1504	992	8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe	32

C:\Users\Admin\AppData\Local\Temp\8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe
"C:\Users\Admin\AppData\Local\Temp\8c6f52a055b20c4ce4dd9cc50359506a58ea12b854fbb76e09eae0d8badf25f8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:992
- C:\Windows\SysWOW64\reg.exe
  reg add HKCU\Software\Microsoft\Windows\Currentversion\Explorer\Advanced /v Hidden /t REG_DWORD /d 2 /f
  2⤵
  - Modifies registry key
  PID:1888
- C:\Windows\SysWOW64\cmd.exe
  cmd /c Start regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll >NUL 2>NUL
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1300
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
    3⤵
    - Sets desktop wallpaper using registry
    - Modifies Internet Explorer settings
    PID:688
- C:\Users\Admin\AppData\Local\Temp\ASound\asrv.exe
  C:\Users\Admin\AppData\Local\Temp\ASound\asrv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1504

C:\Windows\system32\rundll32.exe
rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
1⤵
PID:1836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1ac
1⤵
PID:1544

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ASound\BASS.DLL

Filesize
97KB

MD5
cbac83b6cb960221b95187e9b079eff1

SHA1
c435b3dbf485c94b5d94150d70052a8120c66e97

SHA256
ba6b87489ef33c4be7e2f9399961066fb367f9cf9f696f295f37f3fae8eb3462

SHA512
f01260edfb3871c9878722dc9f5fefb5e6ccbe782106c27f1a3682becc0e71feca900eac801930a392ff252176809b0433b41019461e9d6e89de0454f8dcbe87

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\BASSENC.DLL

Filesize
12KB

MD5
013522705cf0e82fb47ea58d9d8d9746

SHA1
cab7c2ddd64b96b0dffd6a0b673fe2623312ba4f

SHA256
771d3f40c5d3007b5d0532eae57573c336e39776055d0b463bc35d0345dfe1b9

SHA512
95ea07e38536971ba2638336a67dd8924167eb20ac1f3183b115a47d2bac22498548c42f1f573f7b8d45a470a9fcb5df4256dbd7584c859aee9926e28e04da60

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\BASSFLAC.DLL

Filesize
24KB

MD5
50af8a7d49e83a723ed0f70fb682dcfb

SHA1
3c2fad1b5d1dcc5e50819b1a3e65ef7b1d93d717

SHA256
481b418bfb291276b565edd4a6e06948038c10cd8c592c2d81fd82348ef39e6a

SHA512
99aaca0a84e9220408d16fa1465a7549027618b7cb6d665d0ad97627a890ae7141ed7320568fab1132a3d491a950e31b472f45ba68f6c10f0f2aead40dd9fcb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\BASSMIX.DLL

Filesize
16KB

MD5
161d4ea62061120fb57ce22c89a92a95

SHA1
3601a814efa2ab3aa304c8929c0a60e9167954d6

SHA256
c4855e1572071968efd203537e04c6026593ca30f7c49378f003ad4473e27a18

SHA512
30bfef2493d6f1204835368b9b81c159a12143cb4f5d33a830600ddbf1b6420248df5570466b3d46f4cdc4e0431d0e9e77f2f17f5dcb4b259dc2b963d0678c0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\BASSWMA.DLL

Filesize
16KB

MD5
56ed969e1304cbd68659585eaba5b3c7

SHA1
318176dc0d10c10006a036ca7faad9dacbc2c7e7

SHA256
ed50478820b61b88969536153e8268c50ac7a8bae45f67435d8b50cfa03f5624

SHA512
7386432adc4b1af2d08a26d5cc4fb1ed1d6a1f5f79a41107ee2944dbcfaa8a03c0dea76def371958fbb7a7eee82eeb122f89359a21417377168552c5d4dccda6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\BASSWV.DLL

Filesize
27KB

MD5
81cd30daf364ad06e88c11d2171d8117

SHA1
d3d419933fc63af2dfdeef5065d1dbd9ffacbd20

SHA256
eb03ba639920b5f55ca10df4e99a62132f21f09eda93dfa87c6c023577d220f6

SHA512
ff10333e41900b6b2afc6bee03f2439424cd12a9f593e922b9e1a97b2797a181a94f387ccc531b33b1c534d703870271cf8b9315caa5213332c2eedcaf4bd1bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\BASS_AAC.DLL

Filesize
147KB

MD5
99b7b694e20e084d4921da3a268f75f8

SHA1
af147f38694163e0f75139ba5f5e848f5669a487

SHA256
aa2de4a180d68d2b927c2493dabb21454c6920af2057d6f86ea2e7729488429a

SHA512
d12a929cdf790a9cb75dc7b09b95ffb5c71ee74a94b4070a6a33a9e50aaadcc0a9a411c2a732a18c278cefb868be405ca5670f0e3c8977622cad1e3427700491

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\BASS_APE.DLL

Filesize
32KB

MD5
8b18088f73934fccc933be1124231d45

SHA1
a6d99c314bd71f68e7d581efc3eaf88e2bc2823c

SHA256
552fa0b1a175af5ed01940700a5a32f64ab7b695f76786308f24dde48c026765

SHA512
e3a43eafd21800205cedb8bca4e9f5780826f1a74091965f9f809c626954ab18bb69bd4e6e08aa5378c9768ab7e520f8f4d234d5a41458942eaca97d9b3c25a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\BASS_FX.DLL

Filesize
29KB

MD5
a928c3ee32e1069a3307f10fd6615ae9

SHA1
c9094482e19df6133bf5a091506d0afb026cd9e2

SHA256
fba44d98772b1f5c306e963eea3ce34c7e48cde2fded8eb89207f46af513212d

SHA512
ae7ea2fe944176215d37db47d79cbb4ee19b1823390c63b25d54c848268122c8c88954f2752cc212cd0e8a8a89ac2eae60853ea6f778e0320a10452a4638a8d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\BASS_MPC.DLL

Filesize
20KB

MD5
52420b97e59b525adef27bf51983f036

SHA1
da9f170165f2266a7285be6c0c489582399581b9

SHA256
685e6a44f557a9852ba16da2293a35ef3315720827e8472b870cc7c8644f92a8

SHA512
8a8342f4d79508b5b385c64389a432731428bd321bf0bbbbf6c1626f8a5ae6ad7b199fe2af895e28eca12feb33fc3cd5b100a5f6444008774b8ca1397f3e9d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\BASS_SPX.DLL

Filesize
46KB

MD5
2f4db4ee83e4a442b6c1df571f17ea98

SHA1
b5c9ff3385313f592771910d4de49380dda265f6

SHA256
6c414efb02c27ab912567a601408c0fa29328a9fafe60904f2a85136d2d9a110

SHA512
aeca9db0ff6fcb790e909116c6217283bb6760219fc5f3e526cb144d9cf8ec0c2ce3d521248673697f6abab82f7dfbc2bda041386b5c0f42039640dbd28d6b53

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\BASS_TTA.DLL

Filesize
8KB

MD5
4ad2d66e10aaa0ffe4c7a4f46eadbb56

SHA1
d1003d1e810f6f9ff82e1a2a4b4050c7f6b2442b

SHA256
0a69d4b7571ba9fcc28a2da8159e5765756418eddd0648a935f2f31dae6f89b4

SHA512
f5b68e7cb06ea2798a10b21c40867f3be06ec011dc1b0b63c1706b8db6d1f768c5f2f2ba1b93e4d32985a05e7d9de718e98e39f241ed402bb88dfa446de63dcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\MP4TAG.DLL

Filesize
76KB

MD5
8aeb88ebd7cf37df47bdbcdd80f97160

SHA1
7fd9e509969eefd3e0a3c48d5bc5777346e0c06d

SHA256
4e6a5a4e448428f88e94f5bbf3881ccee1d2f238ea68d10523e3666d97a6d0e2

SHA512
c63b723082058623af947fa957b4f5610c4088d15a297caf365a6541e24bf6f5ed99e8cfb6e4b91957954c483b4445d69b5dc7d1af658848447b72654c08a2ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\asrv.exe

Filesize
1.0MB

MD5
ce36fbea348c81fbcd2eac53b418619b

SHA1
6d90a21c6543f73e0c6506c5051328989d2f872c

SHA256
a580146eab40e6db0e3b9a11ab93cb445f909b2eec844e9254ef2cce6a90e96d

SHA512
1f33f6a37f02dbabb36392c29ee1a360c8decb81fb7e9bd971890028b5c935df87446d9784bcaf6e8542ab1fe7be49cc3996032e9b376c4b498edc4d89d0b452

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASound\asrv.exe

Filesize
1.0MB

MD5
ce36fbea348c81fbcd2eac53b418619b

SHA1
6d90a21c6543f73e0c6506c5051328989d2f872c

SHA256
a580146eab40e6db0e3b9a11ab93cb445f909b2eec844e9254ef2cce6a90e96d

SHA512
1f33f6a37f02dbabb36392c29ee1a360c8decb81fb7e9bd971890028b5c935df87446d9784bcaf6e8542ab1fe7be49cc3996032e9b376c4b498edc4d89d0b452

Download Submit
C:\Users\Admin\Documents\asrv\Reg.cfg

Filesize
74B

MD5
a41777aad3531f88687fac49f661dff0

SHA1
d817cfc6326b1c5ff880dccdcfec6a9a53618313

SHA256
c8cdd2dcb2e4dd91a2a53df2f64d71124530448a7566f59651d77fcea88b64a6

SHA512
720fa1e12bfb372c290bf34067fa1cc1e93e0f45598fd3f62acbd48f663785a8ccbfca79043712bfacc6c9e53dec5a62905109fab893a5ed5c436a9af9e824a8

Download Submit
C:\Users\Admin\Documents\asrv\asrv.ini

Filesize
1KB

MD5
bf5f54e52ef3610eae9b92fb6c8079a2

SHA1
6e270a9b5a1e0dd47e1a1f65bcd7f0b36fe5092f

SHA256
3924830b0d8cba14dce77669c3131902c664cf1f15466b3cba41ac295933a76e

SHA512
949c0303f8138c33acac231a1d502394367670ea4691f677051bc690481ef188b17448ff6aa5a505c223b83bffa9029575e3496ad603704664858efd28fc2cf2

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\asrv.exe

Filesize
1.0MB

MD5
ce36fbea348c81fbcd2eac53b418619b

SHA1
6d90a21c6543f73e0c6506c5051328989d2f872c

SHA256
a580146eab40e6db0e3b9a11ab93cb445f909b2eec844e9254ef2cce6a90e96d

SHA512
1f33f6a37f02dbabb36392c29ee1a360c8decb81fb7e9bd971890028b5c935df87446d9784bcaf6e8542ab1fe7be49cc3996032e9b376c4b498edc4d89d0b452

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\asrv.exe

Filesize
1.0MB

MD5
ce36fbea348c81fbcd2eac53b418619b

SHA1
6d90a21c6543f73e0c6506c5051328989d2f872c

SHA256
a580146eab40e6db0e3b9a11ab93cb445f909b2eec844e9254ef2cce6a90e96d

SHA512
1f33f6a37f02dbabb36392c29ee1a360c8decb81fb7e9bd971890028b5c935df87446d9784bcaf6e8542ab1fe7be49cc3996032e9b376c4b498edc4d89d0b452

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\bass.dll

Filesize
97KB

MD5
cbac83b6cb960221b95187e9b079eff1

SHA1
c435b3dbf485c94b5d94150d70052a8120c66e97

SHA256
ba6b87489ef33c4be7e2f9399961066fb367f9cf9f696f295f37f3fae8eb3462

SHA512
f01260edfb3871c9878722dc9f5fefb5e6ccbe782106c27f1a3682becc0e71feca900eac801930a392ff252176809b0433b41019461e9d6e89de0454f8dcbe87

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\bass_aac.dll

Filesize
147KB

MD5
99b7b694e20e084d4921da3a268f75f8

SHA1
af147f38694163e0f75139ba5f5e848f5669a487

SHA256
aa2de4a180d68d2b927c2493dabb21454c6920af2057d6f86ea2e7729488429a

SHA512
d12a929cdf790a9cb75dc7b09b95ffb5c71ee74a94b4070a6a33a9e50aaadcc0a9a411c2a732a18c278cefb868be405ca5670f0e3c8977622cad1e3427700491

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\bass_ape.dll

Filesize
32KB

MD5
8b18088f73934fccc933be1124231d45

SHA1
a6d99c314bd71f68e7d581efc3eaf88e2bc2823c

SHA256
552fa0b1a175af5ed01940700a5a32f64ab7b695f76786308f24dde48c026765

SHA512
e3a43eafd21800205cedb8bca4e9f5780826f1a74091965f9f809c626954ab18bb69bd4e6e08aa5378c9768ab7e520f8f4d234d5a41458942eaca97d9b3c25a4

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\bass_fx.dll

Filesize
29KB

MD5
a928c3ee32e1069a3307f10fd6615ae9

SHA1
c9094482e19df6133bf5a091506d0afb026cd9e2

SHA256
fba44d98772b1f5c306e963eea3ce34c7e48cde2fded8eb89207f46af513212d

SHA512
ae7ea2fe944176215d37db47d79cbb4ee19b1823390c63b25d54c848268122c8c88954f2752cc212cd0e8a8a89ac2eae60853ea6f778e0320a10452a4638a8d3

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\bass_mpc.dll

Filesize
20KB

MD5
52420b97e59b525adef27bf51983f036

SHA1
da9f170165f2266a7285be6c0c489582399581b9

SHA256
685e6a44f557a9852ba16da2293a35ef3315720827e8472b870cc7c8644f92a8

SHA512
8a8342f4d79508b5b385c64389a432731428bd321bf0bbbbf6c1626f8a5ae6ad7b199fe2af895e28eca12feb33fc3cd5b100a5f6444008774b8ca1397f3e9d84

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\bass_spx.dll

Filesize
46KB

MD5
2f4db4ee83e4a442b6c1df571f17ea98

SHA1
b5c9ff3385313f592771910d4de49380dda265f6

SHA256
6c414efb02c27ab912567a601408c0fa29328a9fafe60904f2a85136d2d9a110

SHA512
aeca9db0ff6fcb790e909116c6217283bb6760219fc5f3e526cb144d9cf8ec0c2ce3d521248673697f6abab82f7dfbc2bda041386b5c0f42039640dbd28d6b53

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\bass_tta.dll

Filesize
8KB

MD5
4ad2d66e10aaa0ffe4c7a4f46eadbb56

SHA1
d1003d1e810f6f9ff82e1a2a4b4050c7f6b2442b

SHA256
0a69d4b7571ba9fcc28a2da8159e5765756418eddd0648a935f2f31dae6f89b4

SHA512
f5b68e7cb06ea2798a10b21c40867f3be06ec011dc1b0b63c1706b8db6d1f768c5f2f2ba1b93e4d32985a05e7d9de718e98e39f241ed402bb88dfa446de63dcc

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\bassenc.dll

Filesize
12KB

MD5
013522705cf0e82fb47ea58d9d8d9746

SHA1
cab7c2ddd64b96b0dffd6a0b673fe2623312ba4f

SHA256
771d3f40c5d3007b5d0532eae57573c336e39776055d0b463bc35d0345dfe1b9

SHA512
95ea07e38536971ba2638336a67dd8924167eb20ac1f3183b115a47d2bac22498548c42f1f573f7b8d45a470a9fcb5df4256dbd7584c859aee9926e28e04da60

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\bassflac.dll

Filesize
24KB

MD5
50af8a7d49e83a723ed0f70fb682dcfb

SHA1
3c2fad1b5d1dcc5e50819b1a3e65ef7b1d93d717

SHA256
481b418bfb291276b565edd4a6e06948038c10cd8c592c2d81fd82348ef39e6a

SHA512
99aaca0a84e9220408d16fa1465a7549027618b7cb6d665d0ad97627a890ae7141ed7320568fab1132a3d491a950e31b472f45ba68f6c10f0f2aead40dd9fcb3

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\bassmix.dll

Filesize
16KB

MD5
161d4ea62061120fb57ce22c89a92a95

SHA1
3601a814efa2ab3aa304c8929c0a60e9167954d6

SHA256
c4855e1572071968efd203537e04c6026593ca30f7c49378f003ad4473e27a18

SHA512
30bfef2493d6f1204835368b9b81c159a12143cb4f5d33a830600ddbf1b6420248df5570466b3d46f4cdc4e0431d0e9e77f2f17f5dcb4b259dc2b963d0678c0e

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\basswma.dll

Filesize
16KB

MD5
56ed969e1304cbd68659585eaba5b3c7

SHA1
318176dc0d10c10006a036ca7faad9dacbc2c7e7

SHA256
ed50478820b61b88969536153e8268c50ac7a8bae45f67435d8b50cfa03f5624

SHA512
7386432adc4b1af2d08a26d5cc4fb1ed1d6a1f5f79a41107ee2944dbcfaa8a03c0dea76def371958fbb7a7eee82eeb122f89359a21417377168552c5d4dccda6

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\basswv.dll

Filesize
27KB

MD5
81cd30daf364ad06e88c11d2171d8117

SHA1
d3d419933fc63af2dfdeef5065d1dbd9ffacbd20

SHA256
eb03ba639920b5f55ca10df4e99a62132f21f09eda93dfa87c6c023577d220f6

SHA512
ff10333e41900b6b2afc6bee03f2439424cd12a9f593e922b9e1a97b2797a181a94f387ccc531b33b1c534d703870271cf8b9315caa5213332c2eedcaf4bd1bd

Download Submit
\Users\Admin\AppData\Local\Temp\ASound\mp4tag.dll

Filesize
76KB

MD5
8aeb88ebd7cf37df47bdbcdd80f97160

SHA1
7fd9e509969eefd3e0a3c48d5bc5777346e0c06d

SHA256
4e6a5a4e448428f88e94f5bbf3881ccee1d2f238ea68d10523e3666d97a6d0e2

SHA512
c63b723082058623af947fa957b4f5610c4088d15a297caf365a6541e24bf6f5ed99e8cfb6e4b91957954c483b4445d69b5dc7d1af658848447b72654c08a2ee

Download Submit
\Users\Admin\Documents\asrv\AtDLL.DLL

Filesize
93KB

MD5
007c4ef71a12a56d4eac83f324e46e62

SHA1
670f824f6761d2ff1277029c8cc6047ec051b1cc

SHA256
b3543a941495c3b297865dc71d2bc128416a3ded5fb2d325f6bed2ddec040c15

SHA512
08a36fd3a74b192df8e78c49b413a70270ab7ff85b947d02d48f192f4969390a5e653978657cd6b1b2f13c57ce1711700fb563fae216771ce223af15abe17bda

Download Submit
memory/992-54-0x0000000076561000-0x0000000076563000-memory.dmp

Filesize
8KB

Download
memory/992-92-0x0000000000330000-0x0000000000340000-memory.dmp

Filesize
64KB

Download
memory/992-93-0x0000000002D20000-0x0000000002F65000-memory.dmp

Filesize
2.3MB

Download
memory/1504-100-0x0000000000650000-0x0000000000693000-memory.dmp

Filesize
268KB

Download
memory/1504-97-0x0000000010100000-0x000000001010B000-memory.dmp

Filesize
44KB

Download
memory/1504-95-0x0000000011000000-0x0000000011063000-memory.dmp

Filesize
396KB

Download
memory/1504-103-0x00000000003E0000-0x00000000003E8000-memory.dmp

Filesize
32KB

Download
memory/1504-102-0x0000000010400000-0x000000001040F000-memory.dmp

Filesize
60KB

Download
memory/1504-101-0x0000000010700000-0x0000000010712000-memory.dmp

Filesize
72KB

Download
memory/1504-94-0x0000000000400000-0x00000000006449FA-memory.dmp

Filesize
2.3MB

Download
memory/1504-104-0x00000000006A0000-0x00000000006B5000-memory.dmp

Filesize
84KB

Download
memory/1504-105-0x0000000002030000-0x0000000002047000-memory.dmp

Filesize
92KB

Download
memory/1504-99-0x00000000003D0000-0x00000000003DF000-memory.dmp

Filesize
60KB

Download
memory/1504-98-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1504-96-0x0000000010300000-0x0000000010309000-memory.dmp

Filesize
36KB

Download
memory/1504-107-0x00000000001C0000-0x00000000001C4000-memory.dmp

Filesize
16KB

Download
memory/1504-106-0x0000000010500000-0x000000001052B000-memory.dmp

Filesize
172KB

Download
memory/1504-110-0x0000000002380000-0x00000000023A1000-memory.dmp

Filesize
132KB

Download
memory/1504-89-0x0000000002050000-0x0000000002066000-memory.dmp

Filesize
88KB

Download
memory/1504-114-0x0000000010100000-0x000000001010B000-memory.dmp

Filesize
44KB

Download
memory/1504-112-0x0000000000400000-0x00000000006449FA-memory.dmp

Filesize
2.3MB

Download
memory/1504-113-0x0000000011000000-0x0000000011063000-memory.dmp

Filesize
396KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads