bb39616af00afba184ec39118d17080a9c1b47e6d044fd7b850dde5903d929c4

Analysis

max time kernel
14s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
09-02-2023 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KMSpico.exe
Size

3.5MB
MD5

34e53fd5d5b3534989b6b94c52d9d52a
SHA1

d4a166025f313d6a03ee9c52e025fc3bbf55014e
SHA256

bb39616af00afba184ec39118d17080a9c1b47e6d044fd7b850dde5903d929c4
SHA512

3de85bb1687d2e8fad0f68b27efedefa3a9bb7c8ddfc3bb0a6b8103d2d83563a8e6a69076d6276a8f39f526fac00a177e68f551ff7e1924250c1b3016e7d676a
SSDEEP

98304:zBC/1XczAVcz5iituNDynYX6KUXNnbe8awz:zcN/VOfYN+YX6KUXNnq8z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2036-55-0x0000000000400000-0x0000000000435000-memory.dmp	upx
behavioral1/memory/2036-56-0x0000000000400000-0x0000000000435000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\KMSpico.exe
"C:\Users\Admin\AppData\Local\Temp\KMSpico.exe"
1⤵
PID:2036

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-54-0x0000000075631000-0x0000000075633000-memory.dmp

Filesize
8KB

Download
memory/2036-55-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2036-56-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download