MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52ee17f3c365066c1292092999bbabc6b49e7c16a68af634206ce093afabc719. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 52ee17f3c365066c1292092999bbabc6b49e7c16a68af634206ce093afabc719
SHA3-384 hash: eb8b9474e5a92479aeec84375ab7096cce062ec848c4916fd28fb6f46821d65f19cc7c68d3bd951ddd9de6a0cfda99f5
SHA1 hash: b7fb11c3ae90f416f108223baf06851a4a019689
MD5 hash: d48705ae327e9488c05d43e797645564
humanhash: mountain-violet-pennsylvania-uncle
File name: nhmkrt.dll
File size: 5'632 bytes
First seen: 2022-01-01 08:10:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 96:EZp+PVcanQF/EI1L/h+HN5wwW+pGIKFgXsj7ZeZ+DA+zyl:BnQFn1LJ+HPww1KnnD9A
Threatray: 19 similar samples on MalwareBazaar
TLSH: T113C15C86B6448E33C1A03B7AB1FF830DE279FA5412ED156C022165AB5C1392F53D1EB5
Reporter: JAMESWT_WT
Tags: AppX exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 132
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: nhmkrt.dll
Verdict: No threats detected
Analysis date: 2022-01-01 08:12:48 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for the window
DNS request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 64 / 100
Signature
Multi AV Scanner detection for submitted file
Rundll32 performs DNS lookup (likely malicious behavior)
Sigma detected: Suspicious Call by Ordinal
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
[Behavior graph, ID 546896. Sample: nhmkrt.dll. Start date: 01/01/2022. Architecture: WINDOWS. Score: 64. Process tree: loaddll64.exe started two rundll32.exe processes and cmd.exe; cmd.exe started a third rundll32.exe; one rundll32.exe started WerFault.exe. Each rundll32.exe process has an edge to the DNS/IP node windows-store.online.]
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 52ee17f3c365066c1292092999bbabc6b49e7c16a68af634206ce093afabc719
MD5 hash: d48705ae327e9488c05d43e797645564
SHA1 hash: b7fb11c3ae90f416f108223baf06851a4a019689
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments