rdqejuit.exe — malware analysis report

File info

Filename: rdqejuit.exe
File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
File size: 243 KB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1: 6d6fca511fa813e4ce31cb5eada30e20b50f572e
SHA256: 86360a34172167ba8806843c0e5731d1513634e6add65c6f836c1e50dcfcd4d5
MD5: 8ae5f7acb9662d33c7f114d2850f61b3

Signatures

Privilege Escalation

T1055.002 inject_write_pe: Writes PE file to another process's memory
T1055.012 injection_runpe: Injects code into another process
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1055.002 inject_write_pe: Writes PE file to another process's memory
T1055.012 injection_runpe: Injects code into another process
T1027.002 unnamed_memory_regions_contains_pe: One or several unnamed memory regions are PE files
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1134 opens_process_token: Opens the access token associated with a process

Other

no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process