General
Target: clrjit_dump.dll
Size: 548KB
Sample: 230131-f76bwagd7z
MD5: bb3c1b827cba1a09c708610c564be8ec
SHA1: ce850503d10d2710dbe25850a804e713b7373cae
SHA256: 7c294284e335b093fedec96c754d4b2630bffa9cabe4596cbc0d8d3ff3727660
SHA512: 393fb7a9dd03725670fe1285de765f9aaca19c10459ecc6aca75baa0c79b5c44d2a5dab8edbb07ba0ee1352fae438e7c9fb3522d6783601709c2b9cc38a8a50c
SSDEEP: 12288:rlk72WGvN7z5DxbOhRF+61+QfcfhwTHCWcX/WtpF:raGvN7z5DxbURFH1vfcfhXVXUF

Static task: static1

Behavioral task: behavioral1
Sample: clrjit_dump.dll
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: clrjit_dump.dll
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: clrjit_dump.dll
Score: 8/10

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger