General

  • Target

    krnlss.exe

  • Size

    1.5MB

  • Sample

    230416-wwyqnacf4t

  • MD5

    4d7c519cc2127f785d13694d7a281f33

  • SHA1

    6d5d49494ca03fb99f7124197296d43c68d0c027

  • SHA256

    6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

  • SHA512

    50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

  • SSDEEP

    12288:RnWI3NMW53x7+G70EE/0GGGGGGhGGGGxdoM43nwVkokbKXO:RnWuOWPC4ysGGGGGGhGGGGx1Vps9

Score
7/10

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
