Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

kyan-cli.exe

windows7-x64

1

kyan-cli.exe

windows10-2004-x64

1

kyan-qt.exe

windows7-x64

1

kyan-qt.exe

windows10-2004-x64

1

kyan-tx.exe

windows7-x64

1

kyan-tx.exe

windows10-2004-x64

1

kyand.exe

windows7-x64

1

kyand.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2023, 12:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kyand.exe

  • Size

    101.9MB

  • MD5

    0e3e5f929d4f2c65dc931fadfbeac2da

  • SHA1

    8baef0de8b40723cd450b1bb1cbc7e5183ac9c0a

  • SHA256

    96cdb859970773a8a6326485d418dedb8c3c1da730b64aa13681b2e5854e8f14

  • SHA512

    83ea1b8ac8d0d8febb4abf0753f8dbf05b5f7c9f1bf898258a75316451d059472923a208b17f46bdb006ca4820b5fd81b728371fb699dfdd1f8ce344b99e5e29

  • SSDEEP

    393216:785ylMtfZok+7Xn5ZoZyCarqkdYUXnAaJnHWP8gnoT7zD51XRM/3mj0nOn1cG4l3:o5ylMtfZok+7Xn5ZoZ6snmxjiAI

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kyand.exe
    "C:\Users\Admin\AppData\Local\Temp\kyand.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2168
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:4692

    Network

    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      208.194.73.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      208.194.73.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      59.128.231.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      59.128.231.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.81.21.72.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.81.21.72.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      kyan-mainnet.572133.club
      kyand.exe
      Remote address:
      8.8.8.8:53
      Request
      kyan-mainnet.572133.club
      IN A
      Response
      kyan-mainnet.572133.club
      IN A
      94.130.96.139
    • flag-us
      DNS
      kyan-mainnet2.572133.club
      kyand.exe
      Remote address:
      8.8.8.8:53
      Request
      kyan-mainnet2.572133.club
      IN A
      Response
      kyan-mainnet2.572133.club
      IN A
      168.119.60.46
    • flag-us
      DNS
      seed1.sappcoin.com
      kyand.exe
      Remote address:
      8.8.8.8:53
      Request
      seed1.sappcoin.com
      IN A
      Response
      seed1.sappcoin.com
      IN A
      109.123.252.49
    • flag-us
      DNS
      seed2.sappcoin.com
      kyand.exe
      Remote address:
      8.8.8.8:53
      Request
      seed2.sappcoin.com
      IN A
      Response
      seed2.sappcoin.com
      IN A
      149.102.146.13
    • flag-us
      DNS
      seed3.sappcoin.com
      kyand.exe
      Remote address:
      8.8.8.8:53
      Request
      seed3.sappcoin.com
      IN A
      Response
      seed3.sappcoin.com
      IN A
      154.53.45.165
    • flag-us
      DNS
      seed4.sappcoin.com
      kyand.exe
      Remote address:
      8.8.8.8:53
      Request
      seed4.sappcoin.com
      IN A
      Response
      seed4.sappcoin.com
      IN A
      194.140.198.63
    • flag-us
      DNS
      seed5.sappcoin.com
      kyand.exe
      Remote address:
      8.8.8.8:53
      Request
      seed5.sappcoin.com
      IN A
      Response
      seed5.sappcoin.com
      IN A
      89.117.21.44
    • flag-us
      DNS
      seed6.sappcoin.com
      kyand.exe
      Remote address:
      8.8.8.8:53
      Request
      seed6.sappcoin.com
      IN A
      Response
      seed6.sappcoin.com
      IN A
      194.233.79.205
    • flag-us
      DNS
      seed7.sappcoin.com
      kyand.exe
      Remote address:
      8.8.8.8:53
      Request
      seed7.sappcoin.com
      IN A
      Response
      seed7.sappcoin.com
      IN A
      154.26.153.138
    • flag-us
      DNS
      seed8.sappcoin.com
      kyand.exe
      Remote address:
      8.8.8.8:53
      Request
      seed8.sappcoin.com
      IN A
      Response
      seed8.sappcoin.com
      IN A
      185.252.234.241
    • flag-us
      DNS
      seed9.sappcoin.com
      kyand.exe
      Remote address:
      8.8.8.8:53
      Request
      seed9.sappcoin.com
      IN A
      Response
    • flag-us
      DNS
      seed10.sappcoin.com
      kyand.exe
      Remote address:
      8.8.8.8:53
      Request
      seed10.sappcoin.com
      IN A
      Response
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      2.136.104.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.136.104.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      2.136.104.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.136.104.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      63.13.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      63.13.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      63.13.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      63.13.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      161.252.72.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      161.252.72.23.in-addr.arpa
      IN PTR
      Response
      161.252.72.23.in-addr.arpa
      IN PTR
      a23-72-252-161deploystaticakamaitechnologiescom
    • flag-us
      DNS
      161.252.72.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      161.252.72.23.in-addr.arpa
      IN PTR
      Response
      161.252.72.23.in-addr.arpa
      IN PTR
      a23-72-252-161deploystaticakamaitechnologiescom
    • 127.0.0.1:49740
      kyand.exe
    • 127.0.0.1:49742
      kyand.exe
    • 89.117.21.44:7577
      seed5.sappcoin.com
      kyand.exe
      156 B
       3
    • 127.0.0.1:49817
      kyand.exe
    • 127.0.0.1:49819
      kyand.exe
    • 127.0.0.1:9051
      kyand.exe
    • 127.0.0.1:9051
      kyand.exe
    • 154.53.45.165:7577
      seed3.sappcoin.com
      kyand.exe
      156 B
       3
    • 127.0.0.1:9051
      kyand.exe
    • 154.26.153.138:7577
      seed7.sappcoin.com
      kyand.exe
      156 B
       3
    • 127.0.0.1:9051
      kyand.exe
    • 127.0.0.1:9051
      kyand.exe
    • 109.123.252.49:7577
      seed1.sappcoin.com
      kyand.exe
      156 B
       3
    • 20.189.173.15:443
      322 B
       7
    • 185.252.234.241:7577
      seed8.sappcoin.com
      kyand.exe
      156 B
       3
    • 127.0.0.1:9051
      kyand.exe
    • 194.140.198.63:7577
      seed4.sappcoin.com
      kyand.exe
      156 B
       3
    • 127.0.0.1:9051
      kyand.exe
    • 149.102.146.13:7577
      seed2.sappcoin.com
      kyand.exe
      156 B
       3
    • 168.119.60.46:7577
      kyan-mainnet2.572133.club
      kyand.exe
      260 B
       200 B
       5
      5
    • 194.233.79.205:7577
      seed6.sappcoin.com
      kyand.exe
      156 B
       3
    • 209.197.3.8:80
      322 B
       7
    • 127.0.0.1:9051
      kyand.exe
    • 94.130.96.139:7577
      kyan-mainnet.572133.club
      kyand.exe
      156 B
       3
    • 94.130.96.139:7577
      kyan-mainnet.572133.club
      kyand.exe
      156 B
       3
    • 209.197.3.8:80
      322 B
       7
    • 89.117.21.44:7577
      seed5.sappcoin.com
      kyand.exe
      156 B
       3
    • 96.16.110.41:443
      322 B
       7
    • 127.0.0.1:9051
      kyand.exe
    • 149.102.146.13:7577
      seed2.sappcoin.com
      kyand.exe
      156 B
       3
    • 168.119.60.46:7577
      kyan-mainnet2.572133.club
      kyand.exe
      260 B
       200 B
       5
      5
    • 109.123.252.49:7577
      seed1.sappcoin.com
      kyand.exe
      156 B
       3
    • 154.26.153.138:7577
      seed7.sappcoin.com
      kyand.exe
      156 B
       3
    • 185.252.234.241:7577
      seed8.sappcoin.com
      kyand.exe
      156 B
       3
    • 127.0.0.1:9051
      kyand.exe
    • 89.117.21.44:7577
      seed5.sappcoin.com
      kyand.exe
      156 B
       3
    • 185.252.234.241:7577
      seed8.sappcoin.com
      kyand.exe
      156 B
       3
    • 89.117.21.44:7577
      seed5.sappcoin.com
      kyand.exe
      156 B
       3
    • 109.123.252.49:7577
      seed1.sappcoin.com
      kyand.exe
      156 B
       3
    • 154.53.45.165:7577
      seed3.sappcoin.com
      kyand.exe
      156 B
       3
    • 94.130.96.139:7577
      kyan-mainnet.572133.club
      kyand.exe
      156 B
       3
    • 185.252.234.241:7577
      seed8.sappcoin.com
      kyand.exe
      156 B
       3
    • 127.0.0.1:9051
      kyand.exe
    • 154.26.153.138:7577
      seed7.sappcoin.com
      kyand.exe
      156 B
       3
    • 94.130.96.139:7577
      kyan-mainnet.572133.club
      kyand.exe
      104 B
       2
    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      208.194.73.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      208.194.73.20.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      59.128.231.4.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      59.128.231.4.in-addr.arpa

    • 8.8.8.8:53
      240.81.21.72.in-addr.arpa
      dns
      71 B
       142 B
       1
      1

      DNS Request

      240.81.21.72.in-addr.arpa

    • 8.8.8.8:53
      kyan-mainnet.572133.club
      dns
      kyand.exe
      70 B
       86 B
       1
      1

      DNS Request

      kyan-mainnet.572133.club

      DNS Response

      94.130.96.139

    • 8.8.8.8:53
      kyan-mainnet2.572133.club
      dns
      kyand.exe
      71 B
       87 B
       1
      1

      DNS Request

      kyan-mainnet2.572133.club

      DNS Response

      168.119.60.46

    • 8.8.8.8:53
      seed1.sappcoin.com
      dns
      kyand.exe
      64 B
       80 B
       1
      1

      DNS Request

      seed1.sappcoin.com

      DNS Response

      109.123.252.49

    • 8.8.8.8:53
      seed2.sappcoin.com
      dns
      kyand.exe
      64 B
       80 B
       1
      1

      DNS Request

      seed2.sappcoin.com

      DNS Response

      149.102.146.13

    • 8.8.8.8:53
      seed3.sappcoin.com
      dns
      kyand.exe
      64 B
       80 B
       1
      1

      DNS Request

      seed3.sappcoin.com

      DNS Response

      154.53.45.165

    • 8.8.8.8:53
      seed4.sappcoin.com
      dns
      kyand.exe
      64 B
       80 B
       1
      1

      DNS Request

      seed4.sappcoin.com

      DNS Response

      194.140.198.63

    • 8.8.8.8:53
      seed5.sappcoin.com
      dns
      kyand.exe
      64 B
       80 B
       1
      1

      DNS Request

      seed5.sappcoin.com

      DNS Response

      89.117.21.44

    • 8.8.8.8:53
      seed6.sappcoin.com
      dns
      kyand.exe
      64 B
       80 B
       1
      1

      DNS Request

      seed6.sappcoin.com

      DNS Response

      194.233.79.205

    • 8.8.8.8:53
      seed7.sappcoin.com
      dns
      kyand.exe
      64 B
       80 B
       1
      1

      DNS Request

      seed7.sappcoin.com

      DNS Response

      154.26.153.138

    • 8.8.8.8:53
      seed8.sappcoin.com
      dns
      kyand.exe
      64 B
       80 B
       1
      1

      DNS Request

      seed8.sappcoin.com

      DNS Response

      185.252.234.241

    • 8.8.8.8:53
      seed9.sappcoin.com
      dns
      kyand.exe
      64 B
       122 B
       1
      1

      DNS Request

      seed9.sappcoin.com

    • 8.8.8.8:53
      seed10.sappcoin.com
      dns
      kyand.exe
      65 B
       123 B
       1
      1

      DNS Request

      seed10.sappcoin.com

    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      2.136.104.51.in-addr.arpa
      dns
      142 B
       314 B
       2
      2

      DNS Request

      2.136.104.51.in-addr.arpa

      DNS Request

      2.136.104.51.in-addr.arpa

    • 8.8.8.8:53
      63.13.109.52.in-addr.arpa
      dns
      142 B
       290 B
       2
      2

      DNS Request

      63.13.109.52.in-addr.arpa

      DNS Request

      63.13.109.52.in-addr.arpa

    • 8.8.8.8:53
      161.252.72.23.in-addr.arpa
      dns
      144 B
       274 B
       2
      2

      DNS Request

      161.252.72.23.in-addr.arpa

      DNS Request

      161.252.72.23.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\KyanCore\blocks\index\000002.dbtmp
      Filesize

      16B

      MD5

      206702161f94c5cd39fadd03f4014d98

      SHA1

      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

      SHA256

      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

      SHA512

      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

      Download Submit

    • C:\Users\Admin\AppData\Roaming\KyanCore\blocks\index\CURRENT
      Filesize

      16B

      MD5

      46295cac801e5d4857d09837238a6394

      SHA1

      44e0fa1b517dbf802b18faf0785eeea6ac51594b

      SHA256

      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

      SHA512

      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

      Download Submit

    • C:\Users\Admin\AppData\Roaming\KyanCore\llmq\MANIFEST-000001
      Filesize

      41B

      MD5

      5af87dfd673ba2115e2fcf5cfdb727ab

      SHA1

      d5b5bbf396dc291274584ef71f444f420b6056f1

      SHA256

      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

      SHA512

      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\KyanCore\wallet.dat
      Filesize

      656KB

      MD5

      358876b7e8388944d8d27e6377154792

      SHA1

      051c4072c3f5d8d0d8a1aa1b669373a0ac92f14c

      SHA256

      5e100dbab18778b616cc14a60e63bea725341ce348ebbbaa87c7e7ad5fa24e53

      SHA512

      365d45caca5580ff9a0903d62406ec900df45f51348f115e5fcd81b251ea8f37c3df8b5a1c12b85b516cbdc86c11dd6df3848d3444a481aec3b5d38e35ca6d89

      Download Submit

    • memory/2168-222-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-227-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-220-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-221-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-218-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-223-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-226-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-219-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-228-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-229-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-230-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-231-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-232-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-233-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    • memory/2168-234-0x0000000000620000-0x000000000627C000-memory.dmp

      Filesize

      92.4MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.