5b6fd07c8277fcdf99cf70afdc387b8b2fe45daacfa7b73d5e01e9958ee56250

Analysis

max time kernel
33s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07/10/2023, 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kontakt_Keygen.exe
Size

962KB
MD5

ad9592255d9636acb0812ce5ecba4bf2
SHA1

aa648520183525acd2052929bb492349acfd1c35
SHA256

5b6fd07c8277fcdf99cf70afdc387b8b2fe45daacfa7b73d5e01e9958ee56250
SHA512

9f845190e708e25b3ff72a00b78a7d0d013c5899e80fe672b0b2aeb54280014cec08ff5716a3221437d80937e82575873762200beeb93c6e9b1a6069b7fe5bc9
SSDEEP

24576:XYkcL5VuTlHVFtRyTFk26EvNzNuYxP4Skqpua4vBu:okAaTtPyh9PvVNuc4Skjs

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3860	keygen.exe

Loads dropped DLL 3 IoCs

pid	Process
3860	keygen.exe
3860	keygen.exe
3860	keygen.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1976	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1976	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 3860	2520	Kontakt_Keygen.exe	86
PID 2520 wrote to memory of 3860	2520	Kontakt_Keygen.exe	86
PID 2520 wrote to memory of 3860	2520	Kontakt_Keygen.exe	86

C:\Users\Admin\AppData\Local\Temp\Kontakt_Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Kontakt_Keygen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Users\Admin\AppData\Local\Temp\keygen.exe
  C:\Users\Admin\AppData\Local\Temp\keygen.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BASSMOD.DLL

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
C:\Users\Admin\AppData\Local\Temp\BASSMOD.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
C:\Users\Admin\AppData\Local\Temp\R2RNIKG3.dll

Filesize
95KB

MD5
885ca24bbb17433a07519daf9f7c39a9

SHA1
1d4f2fa45da50745a300ba10549e4c9b96eac3b7

SHA256
8e74c0e17e65be570722a89727e02f04e9d4105e3d95d4ba378cc0225a14c467

SHA512
9144a65742218ec4569d388d423a4b8fd717370e7d3750bf905f337b9530e13f7954a56312a6d11d414c42aa97ef18b376bc2ca98315e80b4ba29fdff04e7414

Download Submit
C:\Users\Admin\AppData\Local\Temp\R2RNIKG3.dll

Filesize
95KB

MD5
885ca24bbb17433a07519daf9f7c39a9

SHA1
1d4f2fa45da50745a300ba10549e4c9b96eac3b7

SHA256
8e74c0e17e65be570722a89727e02f04e9d4105e3d95d4ba378cc0225a14c467

SHA512
9144a65742218ec4569d388d423a4b8fd717370e7d3750bf905f337b9530e13f7954a56312a6d11d414c42aa97ef18b376bc2ca98315e80b4ba29fdff04e7414

Download Submit
C:\Users\Admin\AppData\Local\Temp\R2RNIKG3.dll

Filesize
95KB

MD5
885ca24bbb17433a07519daf9f7c39a9

SHA1
1d4f2fa45da50745a300ba10549e4c9b96eac3b7

SHA256
8e74c0e17e65be570722a89727e02f04e9d4105e3d95d4ba378cc0225a14c467

SHA512
9144a65742218ec4569d388d423a4b8fd717370e7d3750bf905f337b9530e13f7954a56312a6d11d414c42aa97ef18b376bc2ca98315e80b4ba29fdff04e7414

Download Submit
C:\Users\Admin\AppData\Local\Temp\bgm.xm

Filesize
1.5MB

MD5
db5f21fb067c54b97f6fde240dcc24e3

SHA1
0a915727326b4202a0302bdfefe89549e1a50f36

SHA256
c1f6465962f4bba16b30f8a976d1b4f9dac618c4e977801fe0b3a077afb16526

SHA512
4273c8d99e65c792fb0d843f724caf9d53f501ae5d10d7d256c26a1833193880d25656ce0cecf6891b91ad22bfbfeedf35a84a140631bdb625c6ed448b28b215

Download Submit
C:\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
491KB

MD5
2299f3a50dfc83bbac2833c8aab9ca8e

SHA1
d4dcb75d848e57f70f062b4b1685702aa98eaa31

SHA256
31b9777fe23022d78aa1d94e3e88e656b3697ac92e24c4507880f6eb49304fad

SHA512
7388d33ecc1cec85e36bfab4654e38ddb784e8a7d9dc7f972747b58be77bc7c1bb484651ddea584b6459318b75c8f4964da388d6f2eb0c9ad9ac7185830ce738

Download Submit
C:\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
491KB

MD5
2299f3a50dfc83bbac2833c8aab9ca8e

SHA1
d4dcb75d848e57f70f062b4b1685702aa98eaa31

SHA256
31b9777fe23022d78aa1d94e3e88e656b3697ac92e24c4507880f6eb49304fad

SHA512
7388d33ecc1cec85e36bfab4654e38ddb784e8a7d9dc7f972747b58be77bc7c1bb484651ddea584b6459318b75c8f4964da388d6f2eb0c9ad9ac7185830ce738

Download Submit
memory/3860-11-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3860-14-0x0000000000A00000-0x0000000000A1E000-memory.dmp

Filesize
120KB

Download
memory/3860-6-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/3860-17-0x00000000022B0000-0x00000000023B0000-memory.dmp

Filesize
1024KB

Download
memory/3860-19-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3860-20-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3860-21-0x00000000022B0000-0x00000000023B0000-memory.dmp

Filesize
1024KB

Download
memory/3860-24-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download