Analysis
-
max time kernel
14s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
09-02-2023 12:18
Behavioral task
behavioral1
Sample
KMSpico.exe
Resource
win7-20221111-en
windows7-x64
2 signatures
150 seconds
General
-
Target
KMSpico.exe
-
Size
3.5MB
-
MD5
34e53fd5d5b3534989b6b94c52d9d52a
-
SHA1
d4a166025f313d6a03ee9c52e025fc3bbf55014e
-
SHA256
bb39616af00afba184ec39118d17080a9c1b47e6d044fd7b850dde5903d929c4
-
SHA512
3de85bb1687d2e8fad0f68b27efedefa3a9bb7c8ddfc3bb0a6b8103d2d83563a8e6a69076d6276a8f39f526fac00a177e68f551ff7e1924250c1b3016e7d676a
-
SSDEEP
98304:zBC/1XczAVcz5iituNDynYX6KUXNnbe8awz:zcN/VOfYN+YX6KUXNnq8z
Score
7/10
Malware Config
Signatures
-
Processes:
resource yara_rule behavioral1/memory/2036-55-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral1/memory/2036-56-0x0000000000400000-0x0000000000435000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.