Overview

overview

3

Static

static

3

kyan-cli.exe

windows7-x64

1

kyan-cli.exe

windows10-2004-x64

1

kyan-qt.exe

windows7-x64

1

kyan-qt.exe

windows10-2004-x64

1

kyan-tx.exe

windows7-x64

1

kyan-tx.exe

windows10-2004-x64

1

kyand.exe

windows7-x64

1

kyand.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-07-2023 12:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kyand.exe

  • Size

    101.9MB

  • MD5

    0e3e5f929d4f2c65dc931fadfbeac2da

  • SHA1

    8baef0de8b40723cd450b1bb1cbc7e5183ac9c0a

  • SHA256

    96cdb859970773a8a6326485d418dedb8c3c1da730b64aa13681b2e5854e8f14

  • SHA512

    83ea1b8ac8d0d8febb4abf0753f8dbf05b5f7c9f1bf898258a75316451d059472923a208b17f46bdb006ca4820b5fd81b728371fb699dfdd1f8ce344b99e5e29

  • SSDEEP

    393216:785ylMtfZok+7Xn5ZoZyCarqkdYUXnAaJnHWP8gnoT7zD51XRM/3mj0nOn1cG4l3:o5ylMtfZok+7Xn5ZoZ6snmxjiAI

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kyand.exe
    "C:\Users\Admin\AppData\Local\Temp\kyand.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2168
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:4692

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\KyanCore\blocks\index\000002.dbtmp
      Filesize

      16B

      MD5

      206702161f94c5cd39fadd03f4014d98

      SHA1

      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

      SHA256

      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

      SHA512

      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

      Download Submit

    • C:\Users\Admin\AppData\Roaming\KyanCore\blocks\index\CURRENT
      Filesize

      16B

      MD5

      46295cac801e5d4857d09837238a6394

      SHA1

      44e0fa1b517dbf802b18faf0785eeea6ac51594b

      SHA256

      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

      SHA512

      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

      Download Submit

    • C:\Users\Admin\AppData\Roaming\KyanCore\llmq\MANIFEST-000001
      Filesize

      41B

      MD5

      5af87dfd673ba2115e2fcf5cfdb727ab

      SHA1

      d5b5bbf396dc291274584ef71f444f420b6056f1

      SHA256

      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

      SHA512

      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\KyanCore\wallet.dat
      Filesize

      656KB

      MD5

      358876b7e8388944d8d27e6377154792

      SHA1

      051c4072c3f5d8d0d8a1aa1b669373a0ac92f14c

      SHA256

      5e100dbab18778b616cc14a60e63bea725341ce348ebbbaa87c7e7ad5fa24e53

      SHA512

      365d45caca5580ff9a0903d62406ec900df45f51348f115e5fcd81b251ea8f37c3df8b5a1c12b85b516cbdc86c11dd6df3848d3444a481aec3b5d38e35ca6d89

      Download Submit

    • memory/2168-222-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-227-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-220-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-221-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-218-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-223-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-226-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-219-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-228-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-229-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-230-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-231-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-232-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-233-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-234-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download