Analysis Overview
SHA256
37931c8c0cf2cb7b05e70806c38e30cfb9037a2752a535e22362b0fd52a25a11
Threat Level: Known bad
The file kutas.zip was found to be: Known bad.
Malicious Activity Summary
R77 family
r77 rootkit payload
Program crash
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-01-26 14:14
Signatures
R77 family
r77 rootkit payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-01-26 14:14
Reported
2023-01-26 14:15
Platform
win10v2004-20221111-en
Max time kernel
22s
Max time network
26s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Users\Admin\Desktop\BlazinHack.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\BlazinHack.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\BlazinHack.exe | N/A |
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\kutas.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\BlazinHack.exe
"C:\Users\Admin\Desktop\BlazinHack.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 464 -p 4864 -ip 4864
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4864 -s 1340
Network
Files
memory/4864-132-0x00007FF6D2FB0000-0x00007FF6D3558000-memory.dmp
memory/4864-133-0x00007FFD06340000-0x00007FFD06E01000-memory.dmp
memory/4864-134-0x00007FFD06340000-0x00007FFD06E01000-memory.dmp