Overview

overview

3

Static

static

3

kyan-cli.exe

windows7-x64

1

kyan-cli.exe

windows10-2004-x64

1

kyan-qt.exe

windows7-x64

1

kyan-qt.exe

windows10-2004-x64

1

kyan-tx.exe

windows7-x64

1

kyan-tx.exe

windows10-2004-x64

1

kyand.exe

windows7-x64

1

kyand.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    153s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    01-07-2023 12:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kyand.exe

  • Size

    101.9MB

  • MD5

    0e3e5f929d4f2c65dc931fadfbeac2da

  • SHA1

    8baef0de8b40723cd450b1bb1cbc7e5183ac9c0a

  • SHA256

    96cdb859970773a8a6326485d418dedb8c3c1da730b64aa13681b2e5854e8f14

  • SHA512

    83ea1b8ac8d0d8febb4abf0753f8dbf05b5f7c9f1bf898258a75316451d059472923a208b17f46bdb006ca4820b5fd81b728371fb699dfdd1f8ce344b99e5e29

  • SSDEEP

    393216:785ylMtfZok+7Xn5ZoZyCarqkdYUXnAaJnHWP8gnoT7zD51XRM/3mj0nOn1cG4l3:o5ylMtfZok+7Xn5ZoZ6snmxjiAI

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kyand.exe
    "C:\Users\Admin\AppData\Local\Temp\kyand.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1240
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:436

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\KyanCore\blocks\index\000002.dbtmp
      Filesize

      16B

      MD5

      206702161f94c5cd39fadd03f4014d98

      SHA1

      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

      SHA256

      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

      SHA512

      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

      Download Submit

    • C:\Users\Admin\AppData\Roaming\KyanCore\blocks\index\CURRENT
      Filesize

      16B

      MD5

      46295cac801e5d4857d09837238a6394

      SHA1

      44e0fa1b517dbf802b18faf0785eeea6ac51594b

      SHA256

      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

      SHA512

      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

      Download Submit

    • C:\Users\Admin\AppData\Roaming\KyanCore\llmq\MANIFEST-000001
      Filesize

      41B

      MD5

      5af87dfd673ba2115e2fcf5cfdb727ab

      SHA1

      d5b5bbf396dc291274584ef71f444f420b6056f1

      SHA256

      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

      SHA512

      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\KyanCore\wallet.dat
      Filesize

      648KB

      MD5

      e09dce9195fb8f031ba59d965d9a9559

      SHA1

      f89abe8ea8b66ea45cdf615bdf3f392df1a154a4

      SHA256

      6be010be2d5600b9f093898b3bb1578881cb1ee368e26ba74603da1345776468

      SHA512

      9fd7ab8af8645371379a2c651f00e6b422814435dda2f3691cf2b2eca9eb3a74e78bd7a1ce732b3c875d782dd6267132f6ffad4e4690f01af9404d1cfd7e5372

      Download Submit

    • memory/1240-144-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-148-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-140-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-143-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-126-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-145-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-147-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-139-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-149-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-150-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-151-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-152-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-153-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/1240-154-0x00000000013C0000-0x000000000701C000-memory.dmp

      Filesize

      92.4MB

      Download