7c294284e335b093fedec96c754d4b2630bffa9cabe4596cbc0d8d3ff3727660 | Triage

Submit
Reports

Overview

overview

8

Static

static

clrjit_dump.dll

windows7-x64

1

clrjit_dump.dll

windows10-2004-x64

8

Sharing

General

Target

clrjit_dump.dll
Size

548KB
Sample

230131-f76bwagd7z
MD5

bb3c1b827cba1a09c708610c564be8ec
SHA1

ce850503d10d2710dbe25850a804e713b7373cae
SHA256

7c294284e335b093fedec96c754d4b2630bffa9cabe4596cbc0d8d3ff3727660
SHA512

393fb7a9dd03725670fe1285de765f9aaca19c10459ecc6aca75baa0c79b5c44d2a5dab8edbb07ba0ee1352fae438e7c9fb3522d6783601709c2b9cc38a8a50c
SSDEEP

12288:rlk72WGvN7z5DxbOhRF+61+QfcfhwTHCWcX/WtpF:raGvN7z5DxbURFH1vfcfhXVXUF

Score

8^/10

microsoft discovery persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

clrjit_dump.dll

Resource

win7-20220812-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral2

Sample

clrjit_dump.dll

Resource

win10v2004-20221111-en

microsoft discovery persistence phishing

windows10-2004-x64

25 signatures

1800 seconds

Malware Config

Targets

- Target
  
  clrjit_dump.dll
- Size
  
  548KB
- MD5
  
  bb3c1b827cba1a09c708610c564be8ec
- SHA1
  
  ce850503d10d2710dbe25850a804e713b7373cae
- SHA256
  
  7c294284e335b093fedec96c754d4b2630bffa9cabe4596cbc0d8d3ff3727660
- SHA512
  
  393fb7a9dd03725670fe1285de765f9aaca19c10459ecc6aca75baa0c79b5c44d2a5dab8edbb07ba0ee1352fae438e7c9fb3522d6783601709c2b9cc38a8a50c
- SSDEEP
  
  12288:rlk72WGvN7z5DxbOhRF+61+QfcfhwTHCWcX/WtpF:raGvN7z5DxbURFH1vfcfhXVXUF
Score

8^/10

microsoft discovery persistence phishing
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

microsoftdiscoverypersistencephishing

© 2018-2024

Terms | Privacy