Overview

overview

7

Static

static

Xjpclient.exe

windows7-x64

7

Xjpclient.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    300s
  • max time network
    301s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    31-10-2022 02:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Xjpclient.exe

  • Size

    2.7MB

  • MD5

    7ccf1daeb4ddd980db87cbaad63e68a6

  • SHA1

    bc7eebe2ec92ff358991773fcc7bd3a9c4fadf2e

  • SHA256

    fcb778c9acf8dfc5b52941414b4e9d11cec1a10e360dffccdff948198896d5cd

  • SHA512

    f61ec6b5f55b1c143fec7e9f229159d668fe166a78463659d88ef64ccf687a2cbc36a8d0ab9916e2a695e295584779ce63e3d801d1fc364d9ede44a275a8ce39

  • SSDEEP

    49152:QeencSz4IR3yHM8g8SpxRVDZNM1JBmxOztaBVjNYc3D0nhCZiaGwZ:SHz42CHNgnV3UJBTpch3oMiaGC

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 56 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Xjpclient.exe
    "C:\Users\Admin\AppData\Local\Temp\Xjpclient.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:536
  • C:\Users\Admin\AppData\Local\Temp\Xjpclient.exe
    C:\Users\Admin\AppData\Local\Temp\Xjpclient.exe -s
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\DN77F252F8635E4222\HVMRuntm.dll
    Filesize

    1.9MB

    MD5

    9b42ef6d767d0b7759bc10d1da2e692a

    SHA1

    c2a9e59971898681a08a2775131ebeef4c37ef89

    SHA256

    a0b11444c5913bc048c2f97b670cc801176df17565c48d6e7a30fef651ca8426

    SHA512

    4557575036fae0a04ad8855b19df768aa40dca2da3c2c486a76875355f7b9cc624d280b9c5c7db03cdc533e573baf35684f7846017ed384f8b731ac8dd23c2bf

    Download Submit

  • \Windows\Temp\DN77F252F8635E4222\HVMRuntm.dll
    Filesize

    1.9MB

    MD5

    9b42ef6d767d0b7759bc10d1da2e692a

    SHA1

    c2a9e59971898681a08a2775131ebeef4c37ef89

    SHA256

    a0b11444c5913bc048c2f97b670cc801176df17565c48d6e7a30fef651ca8426

    SHA512

    4557575036fae0a04ad8855b19df768aa40dca2da3c2c486a76875355f7b9cc624d280b9c5c7db03cdc533e573baf35684f7846017ed384f8b731ac8dd23c2bf

    Download Submit

  • memory/536-54-0x0000000001170000-0x0000000001426000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/536-57-0x0000000000340000-0x0000000000362000-memory.dmp

    Filesize

    136KB

    Download

  • memory/536-58-0x0000000076831000-0x0000000076833000-memory.dmp

    Filesize

    8KB

    Download

  • memory/536-59-0x0000000004DD9000-0x0000000004DEA000-memory.dmp

    Filesize

    68KB

    Download

  • memory/536-64-0x0000000004DD9000-0x0000000004DEA000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2040-61-0x0000000074D30000-0x0000000074DB0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2040-62-0x00000000004A0000-0x00000000004C2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2040-65-0x0000000001109000-0x000000000111A000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2040-66-0x0000000001109000-0x000000000111A000-memory.dmp

    Filesize

    68KB

    Download