Resubmissions

  • 06-01-2022 01:40    220106-b3w57abcaq    1
  • 22-07-2021 01:24    210722-de5t9k5b36    8
  • 21-07-2021 23:49    210721-1rm8vd1rp2    1
  • 21-07-2021 23:46    210721-ysde15n6z2    1
  • 21-07-2021 23:43    210721-4nqdp19mka    8

Analysis

  • max time kernel
    736s
  • max time network
    1444s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    21-07-2021 23:49

General

  • Target    krnl_console_bootstrapper.exe
  • Size      2.9MB
  • MD5       2c037f847cff23ca356f1d0c443c3647
  • SHA1      07e633bcd75ec01da10b974e28b14a0a3c03f5a7
  • SHA256    33aa53bb27ee095f72bbfb206be36d4dc74a0baa7db0246a60221b0f953a11ab
  • SHA512    7dab22e729d992ccbbe44dd8f9efda3d155e3fc128386accf711298712285cbe6cc1e97ed30b528c1a96fbc0fc38f0159c659ddd7741f149b82bc49d8f5e9ca3

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\krnl_console_bootstrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\krnl_console_bootstrapper.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:652
  • \??\c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k localservice -s fdPHost
    1⤵
      PID:3996
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2104
      • C:\Users\Admin\AppData\Local\Temp\krnl_console_bootstrapper.exe
        "C:\Users\Admin\AppData\Local\Temp\krnl_console_bootstrapper.exe"
        1⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2172

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\krnl_console_bootstrapper.exe.log
    MD5       2e47101ef9d3774d30194ed138e20bcf
    SHA1      fccf20d0d6ff304f89972282cfdb5fe7cbfcde3a
    SHA256    0fa790326bc221fdadc2ae443d9b29d075f74e316b50f44af7dcc0f7578a1174
    SHA512    ed35b5e9eb9edd31f3a476c7ec86bcc106f97da6801602b2dd84d52f13d48330cd98965488b12f71d579ad8dd5f8dafab39d7f13c2e77a5c33bbeaa159aa9cc6

  • C:\Users\Admin\Documents\7za.exe
    MD5       ec79cabd55a14379e4d676bb17d9e3df
    SHA1      15626d505da35bfdb33aea5c8f7831f616cabdba
    SHA256    44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d
    SHA512    00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

  • memory/652-114-0x0000000000D70000-0x0000000000D71000-memory.dmp
    Filesize  4KB

  • memory/652-116-0x0000000005A50000-0x0000000005A51000-memory.dmp
    Filesize  4KB

  • memory/2172-120-0x0000000004EC0000-0x0000000004EC1000-memory.dmp
    Filesize  4KB