Overview

overview

8

Static

static

1

46526740d1...88.exe

windows7-x64

8

46526740d1...88.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 00:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46526740d19fa498b7d6d4ef11afe788.exe

  • Size

    66KB

  • MD5

    46526740d19fa498b7d6d4ef11afe788

  • SHA1

    5027f892e0bf1c1b8217c2f89be80856d4d3bcd7

  • SHA256

    eaf5423bdcbac899c5bf496d017b5e4f1725609c4b78a7a9ceb9278ae4003111

  • SHA512

    3b079a9cd613868201a164d65db86ae5ba0feac8011c03618726ded1cbb446ee1a4f154ee978daccfdf2ce6b857831816218af279de67241e813bf93efd2d4a4

  • SSDEEP

    1536:ETBKM7b3vuU4kl161PGREFyxl5WUWoaVFY+/E:gBVneAyGy6DWUSFY+c

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 3 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46526740d19fa498b7d6d4ef11afe788.exe
    "C:\Users\Admin\AppData\Local\Temp\46526740d19fa498b7d6d4ef11afe788.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:4520
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k hnbjvl
    1⤵
    • Deletes itself
    • Loads dropped DLL
    PID:3840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\jrcqxa.dll
    Filesize

    42KB

    MD5

    d8a639c4c8488aa13dfe07a3438ccdbb

    SHA1

    4c34eb04c42097fac00a78f99001ad47c678638c

    SHA256

    47bc6fc6ab1727da742304b1e92e9bcaac06b11264da8efcde19f05c1b547a61

    SHA512

    aa722f82113d309557107d9c647d93981c9133586606c718ccb8d6e2d78a253890780fadff9684cb0ac5b118fad0984f3195fe419cbab0bd0f3219cdecfea408

    Download Submit

  • memory/3840-11-0x0000000010000000-0x0000000010026000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3840-13-0x0000000010000000-0x0000000010026000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3840-14-0x0000000000990000-0x0000000000991000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3840-15-0x0000000010000000-0x0000000010026000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3840-16-0x0000000000990000-0x0000000000991000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4520-0-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4520-5-0x0000000010000000-0x0000000010026000-memory.dmp

    Filesize

    152KB

    Download

  • memory/4520-7-0x0000000010000000-0x0000000010026000-memory.dmp

    Filesize

    152KB

    Download

  • memory/4520-8-0x00000000005B0000-0x00000000005B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4520-12-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download