Analysis
-
max time kernel
148s -
max time network
147s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
09-07-2020 13:29
Static task
static1
Behavioral task
behavioral1
Sample
kpt2.cab.dll
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
kpt2.cab.dll
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
-
Target
kpt2.cab.dll
-
Size
241KB
-
MD5
e7aac91548d1e53f0b76b7e76e3a1bb6
-
SHA1
586b3fc4a427ac960615221b00805049f28e9cd4
-
SHA256
78c72acc6e07b9df2966b2056b372f38c8b0a11003768c34af861ff4dd2346b9
-
SHA512
83a54610e347ab6553a0058e2c6148bd7fa07ab35240bfe88709748623bca3464aa54da72aaf411851165b0dc111981da77981e748130d036ec6badd3c92105c
Score
1/10
Malware Config
Signatures
-
Checks whether UAC is enabled 2 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA IEXPLORE.EXE Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA iexplore.exe -
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4077807712" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000070f4e65ddf1514459006b313b316c020000000000200000000001066000000010000200000006c296a0ea004f61a859698f96458fbd3c5f5d712c2ad288b9ae99f0711366433000000000e80000000020000200000000a868efbf0d60d22bc478c737e0691bd3ef284c174de4359c02bbf6203cb93ff200000000a004d3a5c8c0c1a8553c11fa81307f1b5d7e2e0a733800cbabb0042de50a0ea400000004f298f62d4937df9d2cf9d451c2438e8b2f62c85b49ef8232709f8eea25da0c72ef331ae1f297b43d6665a522d457e4fc3e23acf7d7b1bd7dd94b812fb305d0b iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4077807712" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30823941" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10ec9af30556d601 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E8F68A4-C1F9-11EA-BF1A-C6A65C9669E9} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30823941" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000070f4e65ddf1514459006b313b316c02000000000020000000000106600000001000020000000e5e656145f13b4b2dde2a20f43c6cd46ef37ff835024b760bc6bd133ab9857b4000000000e80000000020000200000009a0c7f53b72d91f63c38803f397cedb3201cc759ecf74f6d31e38d48292a26e820000000f45832565c13bf18f5c7e1d4073d43b0ea13407c8a44d9eb7f3d79de74732f21400000000eb507812cddc79258c527dbe221027de7015af414a008d450a59f772259f9d919d39254a9788126cfb04efcd7d3ee136a051c6100d0e2a22f7aefdb7116df17 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30e793f30556d601 iexplore.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 1356 wrote to memory of 1504 1356 rundll32.exe 68 PID 1356 wrote to memory of 1504 1356 rundll32.exe 68 PID 1356 wrote to memory of 1504 1356 rundll32.exe 68 PID 3244 wrote to memory of 3984 3244 iexplore.exe 75 PID 3244 wrote to memory of 3984 3244 iexplore.exe 75 PID 3244 wrote to memory of 3984 3244 iexplore.exe 75 -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 3244 iexplore.exe 3244 iexplore.exe 3984 IEXPLORE.EXE 3984 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3244 iexplore.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\kpt2.cab.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1356 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\kpt2.cab.dll,#12⤵PID:1504
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
PID:3244 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3244 CREDAT:82945 /prefetch:22⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3984
-