Resubmissions

22-07-2021 10:18

210722-5mlbkea2zs 7

21-07-2021 12:57

210721-e9hy74lh3j 7

Analysis

  • max time kernel
    103s
  • max time network
    176s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    22-07-2021 10:18

General

  • Target

    kpot.exe

  • Size

    85KB

  • MD5

    1562b53d6506283b35d3beaf2dec92e8

  • SHA1

    fcf2918829132cd43890129b8255f1d1533e07ab

  • SHA256

    76c39773f1b2801f46d8856d7ad46b97ef500ac07febec3f0bcf623c326aea87

  • SHA512

    3ecc8951c9dd308b59a69f7966956abf703c58d8f2f6ca059f9a9350e8d6679eb8063c7c31e4247cfd1cf31f2e2296c53b57b46f9c5b50fdf59c196950ac51b4

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kpot.exe
    "C:\Users\Admin\AppData\Local\Temp\kpot.exe"
    PID:752
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    PID:1772
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    PID:1776
    Signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1776 CREDAT:275457 /prefetch:2
      PID:1596
      Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 hit

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5: 2902de11e30dcc620b184e3bb0f0c1cb
    SHA1: 5d11d14a2558801a2688dc2d6dfad39ac294f222
    SHA256: e6a7f1f8810e46a736e80ee5ac6187690f28f4d5d35d130d410e20084b2c1544
    SHA512: efd415cde25b827ac2a7ca4d6486ce3a43cdcc1c31d3a94fd7944681aa3e83a4966625bf2e6770581c4b59d05e35ff9318d9adaddade9070f131076892af2fa0
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5: 76aaad7f78e642693e97c9358ccffe74
    SHA1: 781d642f438d53020cef6e89faba4409b1ad18ec
    SHA256: 338f0d1e9a1a0693ba9a8bc3aa4fd01e70475ced4630a5021aec6aea5afa474d
    SHA512: d26f427bfdbad3a574651668e9261a0cd10805ba657e2191de6c4cc0d5b19c4e234d5902725d9f2c88408aeae8998a60fc1c9ceb5ce02dee106117a3af1c3d57
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9SP26ZWS.txt
    MD5: 772bb093306182b41799d87eb4176385
    SHA1: ef0281262dfc660c7cae1702d59fd7c1841cf4be
    SHA256: e7f26fd0c595d072401ad9d550bb1c1a9dc04f1ac300d636d3ad2fac467b6d67
    SHA512: be9bb9370faa9969637580628c8fc63998eb9c7287bad0b95a8edde9fc123ed82d65b57931686fefaeca2a908998ca6aecc7b06d599b27e8334f18441f530cc6
  • memory/752-60-0x0000000075451000-0x0000000075453000-memory.dmp
    Filesize: 8KB
  • memory/752-63-0x0000000000110000-0x0000000000112000-memory.dmp
    Filesize: 8KB
  • memory/1596-62-0x0000000000000000-mapping.dmp
  • memory/1776-61-0x000007FEFB7B1000-0x000007FEFB7B3000-memory.dmp
    Filesize: 8KB