056eb01dd6d14a7e854929238c5a2f3b8d820e9c2c5f645daf3dce0e74151961

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4eeebf264c527caf596739bcabfe5453.exe
Size

63KB
MD5

4eeebf264c527caf596739bcabfe5453
SHA1

50c96adabb41fd24dacafdbbc3523a72ccdb51ed
SHA256

056eb01dd6d14a7e854929238c5a2f3b8d820e9c2c5f645daf3dce0e74151961
SHA512

c630caa2a1b302874449bc77320f4c35148a015686fcabf3b431158637966cd9530b1625f015935ef610894e0656d92db1e0538f21782c484bf08885e2bdbca3
SSDEEP

1536:vEhPplFTvjHf8ZePZhTJ4p4JHris3rNh4RWWRcgIvMoWN:vSPplFTrUSJ4eLis3rNh4RWzghN

Score

8^/10

persistence

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\rdxcvo.sys	4eeebf264c527caf596739bcabfe5453.exe

Sets DLL path for service in the registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\dkrfiz\Parameters\ServiceDll = "%SystemRoot%\\System32\\rdxcvo.dll"	4eeebf264c527caf596739bcabfe5453.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\dkrfiz\Parameters\ServiceDll = "%SystemRoot%\\System32\\rdxcvo.dll"	4eeebf264c527caf596739bcabfe5453.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\dkrfiz\Parameters\ServiceDll = "%SystemRoot%\\System32\\rdxcvo.dll"	4eeebf264c527caf596739bcabfe5453.exe

Deletes itself 1 IoCs

pid	Process
1240	svchost.exe

Loads dropped DLL 2 IoCs

pid	Process
784	4eeebf264c527caf596739bcabfe5453.exe
1240	svchost.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\000549b0.ini	4eeebf264c527caf596739bcabfe5453.exe
File created	C:\Windows\SysWOW64\rdxcvo.dll	4eeebf264c527caf596739bcabfe5453.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
668	Process not Found

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1240	svchost.exe
1240	svchost.exe
1240	svchost.exe

C:\Users\Admin\AppData\Local\Temp\4eeebf264c527caf596739bcabfe5453.exe
"C:\Users\Admin\AppData\Local\Temp\4eeebf264c527caf596739bcabfe5453.exe"
1⤵
- Drops file in Drivers directory
- Sets DLL path for service in the registry
- Loads dropped DLL
- Drops file in System32 directory
PID:784

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k dkrfiz
1⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rdxcvo.dll

Filesize
18KB

MD5
6adca948caf789cb205db3b9b778e009

SHA1
e1dd4b1f0b54aad97786ebb5aef0ec2685e5804d

SHA256
8485170a5e9f42c7f5df5618ee805cb5ae3943fc75f11bcf3f67609e2022d4c6

SHA512
b70c55695362e3343d0697fd72c5fd079c3d3edb42b6152c6d19a18819bcffd5eb0800f331ba403640c904facf70b9f699579fffee05f99948ae34892e24442e

Download Submit
\??\c:\windows\SysWOW64\rdxcvo.dll

Filesize
50KB

MD5
10fa097252f9e6bd8c432aff66512012

SHA1
97a1cf4053ed932382ab51016821ab8d9b642056

SHA256
7770560b2ce99e8d70d43c6e08abd6edf88acc796edc17dcbf657d4341c00340

SHA512
072437dc0b32b41e3d6a8a3e2b2ebedcef6cb2ab9a17c1068c66a6bfbe315f35f5a985edda2557fddc328f6aa4b239f118d5c209946a3df489449805bbb840b2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads