Overview

overview

7

Static

static

kpot.exe

windows7_x64

kpot.exe

windows10_x64

7

Resubmissions

22-07-2021 10:18

210722-5mlbkea2zs 7

21-07-2021 12:57

210721-e9hy74lh3j 7

Analysis

  • max time kernel
    155s
  • max time network
    162s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    21-07-2021 12:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kpot.exe

  • Size

    85KB

  • MD5

    1562b53d6506283b35d3beaf2dec92e8

  • SHA1

    fcf2918829132cd43890129b8255f1d1533e07ab

  • SHA256

    76c39773f1b2801f46d8856d7ad46b97ef500ac07febec3f0bcf623c326aea87

  • SHA512

    3ecc8951c9dd308b59a69f7966956abf703c58d8f2f6ca059f9a9350e8d6679eb8063c7c31e4247cfd1cf31f2e2296c53b57b46f9c5b50fdf59c196950ac51b4

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Modifies Internet Explorer settings 1 TTPs 46 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kpot.exe
    "C:\Users\Admin\AppData\Local\Temp\kpot.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:416
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:3432
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2860

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      4e64ee3a1f4c34f528e8de9b728dbca6

      SHA1

      9b27bb889cc2fe2fbb89c0c7c8aa16a841291499

      SHA256

      ec75d601fb9309c65a60ad6bd10b10c5927c77648d42de670003dc0b2693105b

      SHA512

      e23b06910c9009d254dba06b1fe8910d10fd0c11cf0ad22ebf21cf41765da0f51f9179eeb39ca7317cf3ccfcce01622914171ebb9e7c661373dbc92acf9676bf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      813f6f5fe92b94423aacd37c9ded8293

      SHA1

      0aa75460d57412627a94db8ef8d7ee54e712dd89

      SHA256

      cb2b7f13bb318671469fa4096f72809dc3a04f60ebd4af635fc8ca736fdec2f0

      SHA512

      d5fdb229eda5754214ade6c6a6fa313780b5f2bb2ca42eb85f67b62d0e8231f0e24d407a97fb729d1d2fce6e9629d0911f2b6797786197d0cfd180425f9cabd8

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\1750K2PW.cookie
      MD5

      c9884f05133e084d3f5a506741425d81

      SHA1

      f21efa726c3205613ff28f237f9ea75ad08ead64

      SHA256

      4a9b35c57f195033300b551359d601f0b7c8ca3b264eef8f4e303c118fbd951e

      SHA512

      c64a333c37b567bf53be496fe239e8846788316324742bdcfe0f25dd845d1fef9f8899eb0d9b4ff18bc3e9e3abfe8fdf8a67e7d55c7a29d2c3b7ce34f5192cdc

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\LTMIF43S.cookie
      MD5

      7607131523b5d7f2626de9ea19a361f5

      SHA1

      affcdea48de278d2f0b30ac8d29ea9665fe4b7b5

      SHA256

      4b71fe8a0969e8ee0d1fac4337d6129b994b581962e5ce896f576d0fb67cc26b

      SHA512

      6fdc7bbd4fb8cc0a5b93b278a11c1b989904c5e787873867777252ffdd1ad33af47a36bac0ec16a27ff9c1ad680940f6e1ae872b9235908a031e1ed95f28cbf6

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\MBNC96YF.cookie
      MD5

      2a9991fff1f7e65abc66aaa88f07c24e

      SHA1

      3fa629f7d71797c60a11b348ab9b57280c794d7b

      SHA256

      d35ff788b6c1f49369819c407b182987426b484747a29d4dd8da6c4089653f31

      SHA512

      413808308996b4549f0a6e31cdd4bf2c2b5526eb7fbc252a65894f520f621f83f98a2834fd93adf62879de9c8b5d70e328fcf7dee5dd874c59bfb19ecbf975db

      Download Submit
    • memory/2216-114-0x00007FFFAB820000-0x00007FFFAB88B000-memory.dmp
      Filesize

      428KB

      Download
    • memory/2860-115-0x0000000000000000-mapping.dmp
      Download