6c207a610c14b2ea30a14d6b375a12db90611da24ae18244831d16a1025aa493

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 09:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6c207a610c14b2ea30a14d6b375a12db90611da24ae18244831d16a1025aa493.dll
Size

58KB
MD5

85aa6f97ce1116abfed0750b7faef4b8
SHA1

75b92e679e85bb60e9744cce7e208a9dbd51cbf6
SHA256

6c207a610c14b2ea30a14d6b375a12db90611da24ae18244831d16a1025aa493
SHA512

088a6348126c0718b7beb9723a9913618feacbdefc3a29d80b55a2a8e755a54d6a43ec30f3b630c16dc474eb6be955cf8571d890e65fbd120755a27e93aedebc
SSDEEP

768:8HOlwYkQFy8tBrEBRnWhtl18yHRVbgOW4D86C8c/wRKqDcHOlwY:8ui+y8tJSyl18yHRSOW4D86C8c/wRmu

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
700	hrlF0EC.tmp
2528	asmgsq.exe

Loads dropped DLL 1 IoCs

pid	Process
2528	asmgsq.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\asmgsq.exe	hrlF0EC.tmp
File opened for modification	C:\Windows\SysWOW64\asmgsq.exe	hrlF0EC.tmp
File created	C:\Windows\SysWOW64\gei33.dll	asmgsq.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4884 wrote to memory of 704	4884	rundll32.exe	79
PID 4884 wrote to memory of 704	4884	rundll32.exe	79
PID 4884 wrote to memory of 704	4884	rundll32.exe	79
PID 704 wrote to memory of 700	704	rundll32.exe	80
PID 704 wrote to memory of 700	704	rundll32.exe	80
PID 704 wrote to memory of 700	704	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c207a610c14b2ea30a14d6b375a12db90611da24ae18244831d16a1025aa493.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c207a610c14b2ea30a14d6b375a12db90611da24ae18244831d16a1025aa493.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:704
- - C:\Users\Admin\AppData\Local\Temp\hrlF0EC.tmp
    C:\Users\Admin\AppData\Local\Temp\hrlF0EC.tmp
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    PID:700

C:\Windows\SysWOW64\asmgsq.exe
C:\Windows\SysWOW64\asmgsq.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hrlF0EC.tmp

Filesize
48KB

MD5
0d79576cba0b38099f752e4f24dbd3c0

SHA1
2e0eb740b7c69beec8ad4a46e97a973385ca7e01

SHA256
f1c9f28df590bddf41d62443a4c9ba18ef0b1132f5ae67be51b3a64bc630d951

SHA512
7a829b8047f0d03ebc6e9eb06c2c073921f5a83178bd8f46b333beb834d53fd51dfc1ad1d269f59a38fa16f222ea8060a0e9dd071571326b40e2c3b04852a8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\hrlF0EC.tmp

Filesize
48KB

MD5
0d79576cba0b38099f752e4f24dbd3c0

SHA1
2e0eb740b7c69beec8ad4a46e97a973385ca7e01

SHA256
f1c9f28df590bddf41d62443a4c9ba18ef0b1132f5ae67be51b3a64bc630d951

SHA512
7a829b8047f0d03ebc6e9eb06c2c073921f5a83178bd8f46b333beb834d53fd51dfc1ad1d269f59a38fa16f222ea8060a0e9dd071571326b40e2c3b04852a8d0

Download Submit
C:\Windows\SysWOW64\asmgsq.exe

Filesize
48KB

MD5
0d79576cba0b38099f752e4f24dbd3c0

SHA1
2e0eb740b7c69beec8ad4a46e97a973385ca7e01

SHA256
f1c9f28df590bddf41d62443a4c9ba18ef0b1132f5ae67be51b3a64bc630d951

SHA512
7a829b8047f0d03ebc6e9eb06c2c073921f5a83178bd8f46b333beb834d53fd51dfc1ad1d269f59a38fa16f222ea8060a0e9dd071571326b40e2c3b04852a8d0

Download Submit
C:\Windows\SysWOW64\asmgsq.exe

Filesize
48KB

MD5
0d79576cba0b38099f752e4f24dbd3c0

SHA1
2e0eb740b7c69beec8ad4a46e97a973385ca7e01

SHA256
f1c9f28df590bddf41d62443a4c9ba18ef0b1132f5ae67be51b3a64bc630d951

SHA512
7a829b8047f0d03ebc6e9eb06c2c073921f5a83178bd8f46b333beb834d53fd51dfc1ad1d269f59a38fa16f222ea8060a0e9dd071571326b40e2c3b04852a8d0

Download Submit
C:\Windows\SysWOW64\gei33.dll

Filesize
58KB

MD5
85aa6f97ce1116abfed0750b7faef4b8

SHA1
75b92e679e85bb60e9744cce7e208a9dbd51cbf6

SHA256
6c207a610c14b2ea30a14d6b375a12db90611da24ae18244831d16a1025aa493

SHA512
088a6348126c0718b7beb9723a9913618feacbdefc3a29d80b55a2a8e755a54d6a43ec30f3b630c16dc474eb6be955cf8571d890e65fbd120755a27e93aedebc

Download Submit
memory/700-136-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/700-139-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2528-141-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads