d7d9d426d72d2a994839ecba5e9a08a246c0b23d7a894804f070bd18ce513e65

Resubmissions

22-09-2023 16:16

230922-tqtteabb38 7

11-04-2023 19:36

230411-ya81lsgd6x 10

11-04-2023 19:28

230411-x6tp5aeg65 7

Analysis

max time kernel
41s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22-09-2023 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krisp-1.21.1-installer_pQow-O1.exe
Size

1.7MB
MD5

02aca2415c558b9d62d6d2c61f568f5d
SHA1

d2bb3e72371aee2d458bd2f147e56a9279e491e3
SHA256

d7d9d426d72d2a994839ecba5e9a08a246c0b23d7a894804f070bd18ce513e65
SHA512

5095f28f21a7b409d1ffb0a8e47ea741876c26436873d5ae3bb46ba6506b5f2baa866c0b3a8be61353ac3a472fe1d67bd93246509dd0c38040a0ab0ee6d7ce09
SSDEEP

24576:+7FUDowAyrTVE3U5FmxNfKzSYJMPaJPfrT90eKc4cgFLNPfs8duMpmsD:+BuZrEUeKzkwPH9RHgFLRdp/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

krisp-1.21.1-installer_pQow-O1.tmp

pid process

1472 krisp-1.21.1-installer_pQow-O1.tmp
Loads dropped DLL 2 IoCs

Processes:

krisp-1.21.1-installer_pQow-O1.tmp

pid process

1472 krisp-1.21.1-installer_pQow-O1.tmp
1472 krisp-1.21.1-installer_pQow-O1.tmp
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc

HTTP User-Agent header 31 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

pid	process
1472	krisp-1.21.1-installer_pQow-O1.tmp

pid	process
1472	krisp-1.21.1-installer_pQow-O1.tmp
1472	krisp-1.21.1-installer_pQow-O1.tmp

description	flow	ioc
HTTP User-Agent header	31	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

krisp-1.21.1-installer_pQow-O1.exe

description	pid	process	target process
PID 4940 wrote to memory of 1472	4940	krisp-1.21.1-installer_pQow-O1.exe	krisp-1.21.1-installer_pQow-O1.tmp
PID 4940 wrote to memory of 1472	4940	krisp-1.21.1-installer_pQow-O1.exe	krisp-1.21.1-installer_pQow-O1.tmp
PID 4940 wrote to memory of 1472	4940	krisp-1.21.1-installer_pQow-O1.exe	krisp-1.21.1-installer_pQow-O1.tmp

C:\Users\Admin\AppData\Local\Temp\krisp-1.21.1-installer_pQow-O1.exe
"C:\Users\Admin\AppData\Local\Temp\krisp-1.21.1-installer_pQow-O1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4940

C:\Users\Admin\AppData\Local\Temp\is-F0K69.tmp\krisp-1.21.1-installer_pQow-O1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-F0K69.tmp\krisp-1.21.1-installer_pQow-O1.tmp" /SL5="$6017A,875199,832512,C:\Users\Admin\AppData\Local\Temp\krisp-1.21.1-installer_pQow-O1.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-F0K69.tmp\krisp-1.21.1-installer_pQow-O1.tmp
Filesize
3.0MB

MD5
a13e891e7f1734de75ec6d3645b5604d

SHA1
3f39e07f548f9f056ba55f69cbc90bb75d0c0a05

SHA256
cbc9575ca8ebfbeaaf95bd21b2ac54956c460e975c4c9d71fee791accdedd94e

SHA512
2f74400c821d4f0f2d6386d05bfbb01da9abcd3a341a630c82a35ea976fea26ad62f1b83f27db760fd42dac1fae5dbaf2371b9e61c30e18a2e39f443b1cafdb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QOQTC.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QOQTC.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
memory/1472-6-0x0000000000E50000-0x0000000000E51000-memory.dmp

Filesize
4KB

Download
memory/1472-12-0x0000000000E50000-0x0000000000E51000-memory.dmp

Filesize
4KB

Download
memory/1472-11-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1472-16-0x0000000006810000-0x000000000681F000-memory.dmp

Filesize
60KB

Download
memory/1472-20-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4940-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4940-10-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4940-22-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download