Overview

overview

7

Static

static

3

lpk.dll

windows7-x64

7

lpk.dll

windows10-2004-x64

7

数据库�...��.exe

windows7-x64

1

数据库�...��.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    51s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/06/2024, 02:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lpk.dll

  • Size

    46KB

  • MD5

    a192aeb6b7d6a933f9ec48febd55044d

  • SHA1

    013c43417a9372b62e417b93163277bdaa646a65

  • SHA256

    76fec10f245e0bc51ece5ce324571d285a0f4efd7752fff262094b7c8889e030

  • SHA512

    d0326e09b10ce1b7f9f6c30a0636a6489324254a5bd775920552a6aac74f18027178b2e53f062ceaf8164cee25c2fbc5836ac75fa4229588d4040d9f35c7f671

  • SSDEEP

    768:hojY9Pbi9eebwtwGYNrihCp2+UGj0W3eE1Y2ahjQQyzkojY9Po:0m0eebwtwLp27GjV3P1YdUQyzVmg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\lpk.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4800
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\lpk.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1472
      • C:\Users\Admin\AppData\Local\Temp\hrl5340.tmp
        C:\Users\Admin\AppData\Local\Temp\hrl5340.tmp
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Suspicious use of SetWindowsHookEx
        PID:1232
  • C:\Windows\SysWOW64\qcgxsm.exe
    C:\Windows\SysWOW64\qcgxsm.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hrl5340.tmp
    Filesize

    38KB

    MD5

    20a14acd4b3752293e4d612ffd8e7ca0

    SHA1

    5e60626bc8f9b572f4049b0e76f3de76e35d65f7

    SHA256

    ac279658d287f2249aca285c4ae3b3669bb4cd0e710cdd15a4afd73d13a25b29

    SHA512

    a79f68b4400b9f77f38bcdcd2261f19f71852f0ecad9855b4736af52d36a0655bc39824c634823928bb149c3e24eb2a6b1a6142707532f67ad90595fae395ef4

    Download Submit

  • C:\Windows\SysWOW64\hra33.dll
    Filesize

    7KB

    MD5

    7147ff24579a477a1a34696926e573f1

    SHA1

    9127ea8d813ecd5788b3f97777931ec79b7760e9

    SHA256

    fd08dcb016611316c849d48312ba6dc7d4de75d1a81c1d475a13bb5a1ba07267

    SHA512

    077b68376679c30d2dbae460ed59f5131c177bdd7574af1c2660ed97ae242b1401816d012af321c278be065b49bc9eab395e008b1b9a2447aa27b694bbed1d5d

    Download Submit

  • memory/1232-7-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download