5aa539ec4031a820f233e2aedc7f75230682c30edf651b3a1b1b52b4c679da01

Resubmissions

22/10/2023, 19:51

231022-yk3lksce6t 5

22/10/2023, 17:19

231022-vv2v9add4v 4

Analysis

max time kernel
157s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 17:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

KNIME 5.1.2 Installer (64bit).exe
Size

530.1MB
MD5

082457641cb61624d27a585a59c46e9d
SHA1

b309ee99f9a81c8feb9ccd87dec52e72cda6a162
SHA256

5aa539ec4031a820f233e2aedc7f75230682c30edf651b3a1b1b52b4c679da01
SHA512

4d214243053b5f92d2625069ff6f322c9fc014260f086f4e07f220fa66d5ffddeb24c5be9487005effb2f36816fb1d45426486edbb37a9f09eba297fd62b48a5
SSDEEP

12582912:tCcvEHnhQFkPVskrApUmtfszFupGRaWbHOfjBSZJqL9Nate:tCcynukPV5FSsR1RaWzOMZJqLB

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\KNIME\is-AJ22U.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\configuration\org.eclipse.osgi\290\0\.cp\lib\is-RHPAE.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.javasnippet_5.1.0.v202305191913\is-6C4UM.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.stats_5.1.0.v202303061417\is-QB1LL.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-7BDO8.tmp	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\api-ms-win-core-string-l1-1-0.dll	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\api-ms-win-crt-conio-l1-1-0.dll	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\vcruntime140_1.dll	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\p2\org.eclipse.equinox.p2.engine\profileRegistry\KNIMEProfile.profile\is-OQ62R.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-V62MG.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-5L050.tmp	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\prefs.dll	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\rmi.dll	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.ext.jep_5.1.0.v202303061417\is-SJRAS.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.eclipse.e4.rcp_4.27.0.v20230220-1431\is-1M4CL.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-QR91A.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.product_5.1.2.v202310131049\META-INF\is-J2NUS.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\p2\org.eclipse.equinox.p2.engine\profileRegistry\KNIMEProfile.profile\.data\org.eclipse.equinox.internal.p2.touchpoint.eclipse.actions\is-JCLEE.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-OK3N1.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-73PEE.tmp	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\knimec.exe	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.2.700.v20221108-1024\eclipse_11801.dll	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.eclipse.equinox.p2.core.feature_1.6.1700.v20230120-0604\META-INF\is-83CJJ.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.binary.jre_5.1.0.v202303200000\is-4ALI5.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.core.ui_5.1.0.v202309060918\is-6O3GT.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-7BCI8.tmp	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\unins000.dat	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\com.equo.chromium.cef.feature_106.0.17\META-INF\is-793AL.tmp	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-QJQS6.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-ML2NN.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.js.quickforms_5.1.2.v202310091338\META-INF\is-L4LKB.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-F4LQK.tmp	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\com.equo.chromium.cef.win32.win32.x86_64_106.0.17\chromium-5249\libEGL.dll	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\jaccessinspector.exe	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.gateway_5.1.2.v202310091338\META-INF\is-DNN9I.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.stats_5.1.0.v202303061417\is-L0SC5.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.xml_5.1.0.v202303061418\is-E71VC.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-9VIVT.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-25O03.tmp	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\javaaccessbridge.dll	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\configuration\org.eclipse.equinox.simpleconfigurator\is-6DD8F.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.base_5.1.2.v202310111637\META-INF\is-ALCVN.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.timeseries_5.1.0.v202303061417\META-INF\is-G1VOF.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-7EBVB.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-0TNJ7.tmp	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\com.equo.chromium.cef.win32.win32.x86_64_106.0.17\chromium-5249\equochro_helper.exe	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\api-ms-win-core-timezone-l1-1-0.dll	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.eclipse.ecf.filetransfer.feature_3.14.1800.v20220215-0126\is-IG4P5.tmp	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\j2gss.dll	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-BDAFJ.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.ext.poi_5.1.0.v202307031219\is-9OPHB.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-V1ECM.tmp	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\net.dll	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.base_5.1.2.v202310111637\META-INF\is-P4E5G.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.clfixes_5.1.1.v202309291106\META-INF\is-KHG5U.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-QHBF5.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\plugins\is-I3DIA.tmp	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\api-ms-win-crt-time-l1-1-0.dll	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.eclipse.ecf.filetransfer.ssl.feature_1.1.401.v20210409-2301\is-FO5O5.tmp	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.browser.cef_5.1.2.v202310091338\is-D0E1I.tmp	KNIME 5.1.2 Installer (64bit).tmp
File opened for modification	C:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_17.0.5.20221116\jre\bin\j2pkcs11.dll	KNIME 5.1.2 Installer (64bit).tmp
File created	C:\Program Files\KNIME\features\org.knime.features.google.api_5.1.0.v202307071418\META-INF\is-L0DMO.tmp	KNIME 5.1.2 Installer (64bit).tmp

Executes dropped EXE 1 IoCs

pid	Process
1064	KNIME 5.1.2 Installer (64bit).tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1064	KNIME 5.1.2 Installer (64bit).tmp
1064	KNIME 5.1.2 Installer (64bit).tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1064	KNIME 5.1.2 Installer (64bit).tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 1064	4128	KNIME 5.1.2 Installer (64bit).exe	88
PID 4128 wrote to memory of 1064	4128	KNIME 5.1.2 Installer (64bit).exe	88
PID 4128 wrote to memory of 1064	4128	KNIME 5.1.2 Installer (64bit).exe	88

C:\Users\Admin\AppData\Local\Temp\KNIME 5.1.2 Installer (64bit).exe
"C:\Users\Admin\AppData\Local\Temp\KNIME 5.1.2 Installer (64bit).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Users\Admin\AppData\Local\Temp\is-RTR24.tmp\KNIME 5.1.2 Installer (64bit).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-RTR24.tmp\KNIME 5.1.2 Installer (64bit).tmp" /SL5="$701CC,554769964,832512,C:\Users\Admin\AppData\Local\Temp\KNIME 5.1.2 Installer (64bit).exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:1064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\KNIME\features\org.eclipse.ecf.core.feature_1.6.1.v20211005-1944\is-EMKHB.tmp

Filesize
16KB

MD5
84283fa8859daf213bdda5a9f8d1be1d

SHA1
0cbef63aebcfcd4cd201ebeb48ce294e377a6321

SHA256
928c4a6af7e9cf82589e560f98ffbb6ade7385b59fec8cb4ef36a6bb91cf7018

SHA512
f4eb2bb38fa8c40b44c714e05b518ded3641529d689552b131613a40a64940d0369263f3afde03a7d289dd88e38c50975527103fc43eb32984e84e8236ab9feb

Download Submit
C:\Program Files\KNIME\features\org.eclipse.ecf.core.ssl.feature_1.1.501.v20210409-2301\is-HK109.tmp

Filesize
9KB

MD5
618d2440fc58e15450a9416cd6804477

SHA1
c501b7ce0b1ee46ad86fff436bcb7dc2cd549dc2

SHA256
0efe4d6eb579f748857a93c5a781c3000f70f339074b29d15b914213e14b1d53

SHA512
7b48c3911305756ad7d7bf65e5254c5151f619fdd16cd80be01208a8e868f02066a91a872c17824537e6173d9e0cb81c1c5b0081cea6c1cd585c91bcddf6438a

Download Submit
C:\Program Files\KNIME\features\org.eclipse.equinox.p2.core.feature_1.6.1700.v20230120-0604\META-INF\is-58OU3.tmp

Filesize
9KB

MD5
ca03b32810d981eb4020d0a36e870fde

SHA1
f389dc7e276106c4308156b79081017c8a8aadef

SHA256
e72da986c8ba7c8b51ea040a572fc44c000469da1b047c2871b90fd0b822a540

SHA512
93d19a2767ecb3fc75bd8d3e8bfa05224aae9c1142620477e1447ff4458d255b599abfa92daca15947bd61772e34e92cbc9565b90b5d0dd8b3ef46afe21d83a0

Download Submit
C:\Program Files\KNIME\features\org.eclipse.equinox.p2.user.ui_2.4.1900.v20230120-0604\META-INF\is-QOSHR.tmp

Filesize
9KB

MD5
f6aacb71c67253ac2188a0b43dcfa77a

SHA1
7083b3cb43dc5c290b15442bdefb82373b2b19a6

SHA256
536a96b97e2276e9fdd9b5b88c7e951a9d05e560ff83c734cf4ee81acc3b6df5

SHA512
0fd1107552815be329094e737bcdb8ccace13ff556c04929713b27832a9cb3f68a512115bb7291a867f4bcc79cd0ea03567850c4f5ecb88095614a34918439a7

Download Submit
C:\Program Files\KNIME\features\org.eclipse.rcp_4.27.0.v20230302-0300\META-INF\is-VB1V9.tmp

Filesize
9KB

MD5
5b7b9baffe35c4a52c72bf05bbf1c53a

SHA1
9a25a1ac433a03c4d23a192c7e660742a11ca373

SHA256
7a8cd6f9845edb76f2884495dd44a5173883b26bd25d4e8a69e2a24798aa3b8f

SHA512
ea0856ed36c625013b68010952f6fcd6ff56231f0d9e0486d96d50ecfa920dbecffe6570e048a9aa2d60877f83102efe576f18a7543f269f74a941a93517d31f

Download Submit
C:\Program Files\KNIME\features\org.knime.features.base.views_5.1.1.v202308221556\META-INF\is-52CBL.tmp

Filesize
10KB

MD5
c2559ab0b82c39431a3b80716f440ccf

SHA1
901a9f9e21226450ed013b87ff5847e89d9f5159

SHA256
a70f57172dd6f864ff81f9d0abeab01ed3ae1d1443b1a84956fcaad5fe76613d

SHA512
7d34f38401803acea937c0b47204fde9dc5bceec5e5f2be0dea94433cb69dcb9e181a374f4e2a6197c77a7c73be12ab8a6b0df7f210bb7486716aa66d458e6e9

Download Submit
C:\Program Files\KNIME\features\org.knime.features.credentials.base_5.1.0.v202308221415\META-INF\is-BRGMA.tmp

Filesize
11KB

MD5
960813b1d211a0bcc82200ea8c6df445

SHA1
248ae8c064d41218d20c069f26a30d1dcc1f10b8

SHA256
9b0b7cc3f200af862fd5dee3143bf36c91d30b1f5847dfdf8ca6b3e63459e60b

SHA512
747658daa5aa94083a7169736974e741409b326ee03e63fd3f0c3d3758e5ece7a114a3a4ff498be21326c79f5e41b7e91c1b6607c06183bec6a39674d3936e48

Download Submit
C:\Program Files\KNIME\features\org.knime.features.ext.poi_5.1.0.v202307031219\META-INF\is-G3U6E.tmp

Filesize
11KB

MD5
4e36f38058344e524d26116f9131b75c

SHA1
ebe2a4f472f981a2233d37d23e193a7b9c843ad5

SHA256
f9ab5cf03fe51528c3a678eb54bba0669e4b48126d64b24611b93b10d85a416a

SHA512
7bac6984f129ff8c6b750e0a32b6356562fb7de32d04a1c51cd9244d96904a2e4f46b850f6d6b0cad3d35fedd88739f55c28fe085b6ac050b6554492b9830a42

Download Submit
C:\Program Files\KNIME\features\org.knime.features.gateway_5.1.2.v202310091338\META-INF\is-DNN9I.tmp

Filesize
11KB

MD5
cbd9ac2619092184c8c1d462e309cc52

SHA1
a076ff18027b0873cab53fce9fc7128cf10b797f

SHA256
074e3dff04eaf04ca9e1d4fbfb7ebb8a496b27068df8be59d71a2ab9349aab52

SHA512
d2aeeac96b5b606fd1b8286c2c628b88dbef96ace1fdfe76c0ab9afab8b2ea988e6859787b384ebb1abe530dcf3a8e7f3c21ed8ae7669733d98ac3eefca8ad4a

Download Submit
C:\Program Files\KNIME\knime.exe

Filesize
413KB

MD5
36193909b88e679fedfe0d4e7c4982b6

SHA1
dcbfe8d5fb9f6210e713a8c11d09922e04f6aed3

SHA256
1a3c61f73efe99d80d17313cacc38e4e4011c690ed3a0ada581ee1eb34160a12

SHA512
cdf55a1ccae2388b4afa7479db175a01e6fc289bdcb01331db630189ed30f43c1f98a351a208f21871a0d894111f25b6e9dea6e35a30d95564f747f5b2b7042f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RTR24.tmp\KNIME 5.1.2 Installer (64bit).tmp

Filesize
3.1MB

MD5
a6080655fa61811c746e6f8b5bad04d0

SHA1
0ddda3732d6a13a6ebc0d16e955eb1b1c3755c26

SHA256
75c1c464c5112545aeb96b4601707ac6462f06f503a3f1ebcca1b86f9c842004

SHA512
d65319a9d361cdbfccf463fbb94b23fa7e19be478c790fd0e70549f09ac72f3829c14b1815473006d8e083ca0865cef6c7cf1ef41a4a553c5ed04be6e78beaa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RTR24.tmp\KNIME 5.1.2 Installer (64bit).tmp

Filesize
3.1MB

MD5
a6080655fa61811c746e6f8b5bad04d0

SHA1
0ddda3732d6a13a6ebc0d16e955eb1b1c3755c26

SHA256
75c1c464c5112545aeb96b4601707ac6462f06f503a3f1ebcca1b86f9c842004

SHA512
d65319a9d361cdbfccf463fbb94b23fa7e19be478c790fd0e70549f09ac72f3829c14b1815473006d8e083ca0865cef6c7cf1ef41a4a553c5ed04be6e78beaa1

Download Submit
memory/1064-32-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1064-30-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1064-28-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1064-10-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/1064-9-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1064-6-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/1064-793-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1064-1041-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4128-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4128-8-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download