Overview

overview

7

Static

static

KeyFileMaker.exe

windows7-x64

7

KeyFileMaker.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 11:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KeyFileMaker.exe

  • Size

    822KB

  • MD5

    c49f23998d3becf734c3de6482747337

  • SHA1

    f885c7cdeba78080c013853b5b044ebe05ee6ec8

  • SHA256

    47d816dc4f93d50916e76294421a5b4a303a9cd8b87a719831e129939a6f30ba

  • SHA512

    8c4bd1d3b0a3408a64210a075e040085a5720c9cbb185613df9c01064d148fd7b277364684a824ee9f56c85b217d291fd683415be7893c84df6b61a6f58cd059

  • SSDEEP

    12288:FxfGjIaAzFzGwDBQILVao5+bQOSoRe464XInAF+pAzFzGEDBQIh:FxAoJtQIA17k4pIHyJDQIh

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KeyFileMaker.exe
    "C:\Users\Admin\AppData\Local\Temp\KeyFileMaker.exe"
    1⤵
    • Loads dropped DLL
    PID:1708
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x498 0x41c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MobaXterm_Keygen.MSIL.1.0.0.0\BASSMOD.dll
    Filesize

    80KB

    MD5

    a4b959f7dfab6d52b08734bf1d552f62

    SHA1

    7978d30849656bc49fd6b95dd80b9df891482a9e

    SHA256

    2bf1bf0029962718d5d4c07d5ffc0bb91e32cc8a8c3c5105216417ce88dfc7ed

    SHA512

    9fa8a6e439e11c2682bb74319c1bdf51f4a1ab23c7720a2f9495c955e48a1306d57d6b13889a2380830e85c219f243a90d1df9730feb8ed02621b4759db9f7a5

    Download Submit

  • memory/1708-132-0x0000000000510000-0x00000000005E4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/1708-133-0x0000000004FB0000-0x000000000504C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/1708-134-0x0000000005800000-0x0000000005DA4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1708-135-0x00000000052F0000-0x0000000005382000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1708-136-0x00000000054E0000-0x00000000054EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1708-138-0x0000000010000000-0x0000000010014000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1708-139-0x0000000010000000-0x0000000010014000-memory.dmp

    Filesize

    80KB

    Download