Overview

overview

7

Static

static

1

KryxiviaInstaller.exe

windows7-x64

7

KryxiviaInstaller.exe

windows10-2004-x64

3

Resubmissions

20-03-2023 04:10

230320-erwl3abg47 8

20-03-2023 04:09

230320-eqz8vsdg9z 7

Analysis

  • max time kernel
    99s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-03-2023 04:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KryxiviaInstaller.exe

  • Size

    5.2MB

  • MD5

    359e6b859b5c3d0714015952eef68f7d

  • SHA1

    2c82924ccce46d992588ea88bea2ba7d48a1e4d5

  • SHA256

    ced9be4b013de155b7b413926254b898dc3364e71d339893d3014c065dbf41b2

  • SHA512

    0347a6ae8b1e72bf3f86e65d7b70ed6d94e794292040a79921b48142ae2e1309337aef04cb4f6251f93e88aaf9884a4ddaa58b725e6a85f05321acb078cd50fc

  • SSDEEP

    98304:ST/yH02PyfKIRetXCnZsrr+Qeack4iHKpgJKHA3x1j5mLBrG5dkjC6:2yHpPX3eqGpa3KpgJKHevj5mLByzkW6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KryxiviaInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\KryxiviaInstaller.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:3964

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads