Analysis
max time kernel: 295s
max time network: 302s
platform: windows10-2004_x64
resource: win10v2004-20220721-es
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-es, locale:es-es, os:windows10-2004-x64, system:windows
submitted: 10-08-2022 21:29
Static task: static1
Behavioral task: behavioral1
  Sample: XKS.exe
  Resource: win7-20220718-es (windows7-x64)
  5 signatures, 300 seconds
General
Target: XKS.exe
Size: 1.8MB
MD5: f43da7a7ea38479b025c754a09ec10ed
SHA1: 5a6c17f037e7db6c512d351d763ab01a8f944bdc
SHA256: 4136b980fcb12ab481555721ab307d6ec3c5b3e775e728561490078f869fed52
SHA512: 9a03d153d2cf69e2c2917c9efbcfe5907133f7d429369752d018d7893402fe640d09cd00f50f50ded95c4e776d1636ab6e84c5d2838545cb4773c270a8927025
Malware Config
Signatures
-
Bandook payload (3 IoCs)
  resource                                                                        yara_rule
  behavioral2/memory/4852-133-0x0000000013140000-0x0000000013C7D000-memory.dmp    family_bandook
  behavioral2/memory/4852-134-0x0000000013140000-0x0000000013C7D000-memory.dmp    family_bandook
  behavioral2/memory/4852-135-0x0000000013140000-0x0000000013C7D000-memory.dmp    family_bandook
UPX packer signature (yara rule upx, 5 IoCs)
  resource                                                                        yara_rule
  behavioral2/memory/4852-131-0x0000000013140000-0x0000000013C7D000-memory.dmp    upx
  behavioral2/memory/4852-132-0x0000000013140000-0x0000000013C7D000-memory.dmp    upx
  behavioral2/memory/4852-133-0x0000000013140000-0x0000000013C7D000-memory.dmp    upx
  behavioral2/memory/4852-134-0x0000000013140000-0x0000000013C7D000-memory.dmp    upx
  behavioral2/memory/4852-135-0x0000000013140000-0x0000000013C7D000-memory.dmp    upx
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid     process
  4852    msinfo32.exe
  4852    msinfo32.exe
Suspicious use of WriteProcessMemory (5 IoCs)
  description                         pid     process    target process
  PID 5008 wrote to memory of 4852    5008    XKS.exe    msinfo32.exe
  PID 5008 wrote to memory of 4852    5008    XKS.exe    msinfo32.exe
  PID 5008 wrote to memory of 4852    5008    XKS.exe    msinfo32.exe
  PID 5008 wrote to memory of 4852    5008    XKS.exe    msinfo32.exe
  PID 5008 wrote to memory of 4852    5008    XKS.exe    msinfo32.exe

The target PID 4852 is the msinfo32.exe process whose memory region 0x13140000-0x13C7D000 carries the family_bandook and upx hits above, so the sample (XKS.exe, PID 5008) is writing the UPX-packed Bandook payload into a spawned msinfo32.exe rather than running it in its own address space.
Downloads
  file                                                                 size
  memory/4852-130-0x0000000000000000-mapping.dmp                       -
  memory/4852-131-0x0000000013140000-0x0000000013C7D000-memory.dmp     11.2MB
  memory/4852-132-0x0000000013140000-0x0000000013C7D000-memory.dmp     11.2MB
  memory/4852-133-0x0000000013140000-0x0000000013C7D000-memory.dmp     11.2MB
  memory/4852-134-0x0000000013140000-0x0000000013C7D000-memory.dmp     11.2MB
  memory/4852-135-0x0000000013140000-0x0000000013C7D000-memory.dmp     11.2MB
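The YARA hits in the signature section and the Downloads list above both use one naming scheme for memory dumps (<task>/memory/<pid>-<seq>-<start>-<end>-memory.dmp), and the WriteProcessMemory rows name the writer and target PIDs. The script below is an added example by the editor, not part of the sandbox report or its tooling: it parses those identifiers into structured IoCs, computes each dumped region's size from its address range (which is how the 11.2MB figure can be cross-checked), skips the non-region mapping.dmp entry, and folds the family_bandook hits, the upx hits and the WriteProcessMemory rows into one record per distinct region. The record strings are copied from this report; the regular expressions, dataclasses and the `summarize` function are the editor's assumptions about the format, not a documented API of the sandbox.

```python
"""Turn sandbox memory-dump IoCs into one record per injected region (editor's example)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Input copied from the report above (constructed here as inline data so the example runs offline).
BANDOOK_HITS = [
    f"behavioral2/memory/4852-{n}-0x0000000013140000-0x0000000013C7D000-memory.dmp"
    for n in (133, 134, 135)
]
UPX_HITS = [
    f"behavioral2/memory/4852-{n}-0x0000000013140000-0x0000000013C7D000-memory.dmp"
    for n in range(131, 136)
]
WPM_ROWS = ["PID 5008 wrote to memory of 4852 5008 XKS.exe msinfo32.exe"] * 5
DOWNLOADS = ["memory/4852-130-0x0000000000000000-mapping.dmp"] + [
    f"memory/4852-{n}-0x0000000013140000-0x0000000013C7D000-memory.dmp" for n in range(131, 136)
]

# Assumed layout of a region dump name: [<task>/]memory/<pid>-<seq>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(
    r"^(?:(?P<task>[^/]+)/)?memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)
# Assumed layout of a WriteProcessMemory row: "PID <src> wrote to memory of <dst> <src> <src_img> <dst_img>"
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<src_img>\S+) (?P<dst_img>\S+)"
)


@dataclass(frozen=True)
class MemoryDump:
    task: str   # sandbox task tag such as "behavioral2"; "" when the name has no task prefix
    pid: int
    seq: int    # dump sequence number within the task
    start: int
    end: int

    @property
    def size(self) -> int:
        """Byte length of the dumped region, derived from the address range in the name."""
        return self.end - self.start


@dataclass(frozen=True)
class WriteProcessMemoryEvent:
    src_pid: int
    src_image: str
    dst_pid: int
    dst_image: str


def parse_dump(name: str):
    """Parse a region dump name; returns None for other artefacts (e.g. the mapping.dmp entry)."""
    m = DUMP_RE.match(name)
    if m is None:
        return None
    return MemoryDump(task=m["task"] or "", pid=int(m["pid"]), seq=int(m["seq"]),
                      start=int(m["start"], 16), end=int(m["end"], 16))


def parse_wpm(row: str):
    """Parse one WriteProcessMemory row into (writer pid/image, target pid/image)."""
    m = WPM_RE.search(row)
    if m is None:
        return None
    return WriteProcessMemoryEvent(int(m["src"]), m["src_img"], int(m["dst"]), m["dst_img"])


def summarize(rule_hits: dict, wpm_rows: list) -> dict:
    """Fold YARA hits (rule name -> dump names) and WriteProcessMemory rows into one record
    per distinct (pid, start, end) region, listing which rules hit it, which dump sequence
    numbers cover it, and which processes wrote into the target process."""
    writers = defaultdict(set)
    for event in filter(None, map(parse_wpm, wpm_rows)):
        writers[event.dst_pid].add(f"{event.src_image} ({event.src_pid})")
    regions = {}
    for rule, names in rule_hits.items():
        for dump in filter(None, map(parse_dump, names)):
            key = (dump.pid, dump.start, dump.end)
            rec = regions.setdefault(key, {
                "pid": dump.pid, "start": dump.start, "end": dump.end, "size": dump.size,
                "rules": set(), "dumps": set(), "written_by": set(writers.get(dump.pid, ())),
            })
            rec["rules"].add(rule)
            rec["dumps"].add(dump.seq)
    return regions


if __name__ == "__main__":
    for (pid, start, end), rec in summarize(
            {"family_bandook": BANDOOK_HITS, "upx": UPX_HITS}, WPM_ROWS).items():
        print(f"pid {pid} {start:#x}-{end:#x} {rec['size'] / 2**20:.1f} MiB "
              f"rules={sorted(rec['rules'])} dumps={sorted(rec['dumps'])} "
              f"written_by={sorted(rec['written_by'])}")
```

The eight hits collapse to a single region of 0xB3D000 bytes (about 11.2 MiB, matching the Downloads sizes) inside PID 4852, tagged by both rules and written by XKS.exe; the same fold works unchanged on other reports as long as they keep this naming scheme.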