e6b4a7a8dc574b8ad209819831cfb862ed7d212693a4f56ff88fd5b01b532899

Analysis

max time kernel
10s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 04:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e6b4a7a8dc574b8ad209819831cfb862ed7d212693a4f56ff88fd5b01b532899.exe
Size

184KB
MD5

037ecfb38ad3afabd4d27963225400b0
SHA1

3fe0ee4f698e255a28d2039cdb787799e2707a1b
SHA256

e6b4a7a8dc574b8ad209819831cfb862ed7d212693a4f56ff88fd5b01b532899
SHA512

9a8aed19e28c4f0a15fb3236f14a7c7d030a5ef8145f0fb598ec07a97c38f6c6d840e919ae2e7d23c27c767eefef102f3620630a98c45c8724623d7a1467fb97
SSDEEP

3072:SbFZBpiJrsZnWbPOq1BxsoHqiT58JlrUSEJH/86DVJAknokaQp:SbF3pSw85DxsoKrlrPE3T1aU

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
4472	hqjdank.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\hqjdank.exe	e6b4a7a8dc574b8ad209819831cfb862ed7d212693a4f56ff88fd5b01b532899.exe
File created	C:\PROGRA~3\Mozilla\lwcuhml.dll	hqjdank.exe

C:\Users\Admin\AppData\Local\Temp\e6b4a7a8dc574b8ad209819831cfb862ed7d212693a4f56ff88fd5b01b532899.exe
"C:\Users\Admin\AppData\Local\Temp\e6b4a7a8dc574b8ad209819831cfb862ed7d212693a4f56ff88fd5b01b532899.exe"
1⤵
- Drops file in Program Files directory
PID:4508

C:\PROGRA~3\Mozilla\hqjdank.exe
C:\PROGRA~3\Mozilla\hqjdank.exe -gzmenpj
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\hqjdank.exe

Filesize
184KB

MD5
7bd8198207c6b093d1229018b0715857

SHA1
7c388481d5ee383b64548b863b83b0e02d423c2a

SHA256
77dc0892cb2d52997bc51b781a3fc360cb6be93dd306c4675f61cb7c9d39be36

SHA512
0c6328de355862ec594180717d546e34f6a1b84318b8100619578ed51c45274c39849b0060cde05e014ea3379498683920d6bf4e90c72f53f1a1851d35e6420d

Download Submit
memory/4472-9-0x0000000000C70000-0x0000000000CCB000-memory.dmp

Filesize
364KB

Download
memory/4472-10-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4472-12-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4472-14-0x0000000000C70000-0x0000000000CCB000-memory.dmp

Filesize
364KB

Download
memory/4508-0-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/4508-1-0x00000000021D0000-0x000000000222B000-memory.dmp

Filesize
364KB

Download
memory/4508-2-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4508-6-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4508-8-0x00000000021D0000-0x000000000222B000-memory.dmp

Filesize
364KB

Download