Resubmissions
- 27-10-2023 18:39 | 231027-xaprasgd3t | 10
- 27-10-2023 14:50 | 231027-r7ls1sfa81 | 10
- 27-10-2023 14:46 | 231027-r5prwsgf98 | 10

Analysis
max time kernel: 143s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-10-2023 14:46
Static task: static1
Behavioral task: behavioral1
  Sample: DesignaKnit v8.07.61 (07.2017).exe
  Resource: win7-20231025-en
Behavioral task: behavioral2
  Sample: DesignaKnit v8.07.61 (07.2017).exe
  Resource: win10v2004-20231023-en
General
Target: DesignaKnit v8.07.61 (07.2017).exe
Size: 12.9MB
MD5: 508babbaa6f8b247629b3f0861721ed6
SHA1: 76fcdec2cbb07c1950fc32deb48e1660a0657189
SHA256: 9ef0e4dfd3d8172982d137edcd8a0e5ae220141410c80ee884c1cd77cc9a46c8
SHA512: 1774a19adedea34c11a3829f59d1927a0c7a0eddb27932f1246af93c286ff80c2a88566514b4a59223e06dcfac7041eb40a71a983fa2fd42036df2fa6951636d
SSDEEP: 196608:XjfHfeasLpjs10+k09F9fIKJsqW6MhDdbHLLRyYBtE3P3AaPCArRrytfCtGnfdVQ:XrHBEAFsZ60r9yYU36AtrytfC8dO
Malware Config
Signatures
Executes dropped EXE 1 IoCs
Processes:
  pid  | process
  3052 | DesignaKnit v8.07.61 (07.2017).tmp
Loads dropped DLL 1 IoCs
Processes:
  pid  | process
  3052 | DesignaKnit v8.07.61 (07.2017).tmp
Drops file in Program Files directory 58 IoCs
Processes:
  description | ioc | process
  File created | C:\Program Files (x86)\DesignaKnit 8\is-V2JDA.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-Q34TI.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-I0C8R.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\wav\is-V1OBA.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\wav\is-0SSUE.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-S4AUS.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-T16PG.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\wav\is-36DTI.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File opened for modification | C:\Program Files (x86)\DesignaKnit 8\SL4-REPR.EXE | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-2GJ18.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-NK2JQ.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\wav\is-E48M4.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-21Q99.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-K66D6.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-K7GPG.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-KF48V.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-46C66.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-3356M.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-5EE6D.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-7EQRA.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-9391G.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File opened for modification | C:\Program Files (x86)\DesignaKnit 8\FTD2XX.dll | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\unins000.dat | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-RA3CG.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-QJSTS.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-S9CSN.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-8J0PC.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-C5R3N.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-GL8NL.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File opened for modification | C:\Program Files (x86)\DesignaKnit 8\DK8_TTF_Replace_Roosmalen.exe | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-A8OQD.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-6T9UG.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-3V1SO.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File opened for modification | C:\Program Files (x86)\DesignaKnit 8\dk8.exe | DesignaKnit v8.07.61 (07.2017).tmp
  File opened for modification | C:\Program Files (x86)\DesignaKnit 8\DK8_TTF_Replace_Knitwrite.exe | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-C46GR.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-S38PA.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-9OD6O.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-DOD90.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-497BH.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\wav\is-K9EBA.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-41E14.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-GNDT7.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-S6VEK.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-2R3SP.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-IJIIU.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-C79A0.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\wav\is-14M6V.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File opened for modification | C:\Program Files (x86)\DesignaKnit 8\Misc.chm | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-P1ACK.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-S5083.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-JR1FM.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\wav\is-BG8UE.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-SCD9T.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File opened for modification | C:\Program Files (x86)\DesignaKnit 8\DK8a.dll | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-2T4P0.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-OANFB.tmp | DesignaKnit v8.07.61 (07.2017).tmp
  File created | C:\Program Files (x86)\DesignaKnit 8\is-38EUN.tmp | DesignaKnit v8.07.61 (07.2017).tmp
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
  pid  | process
  3052 | DesignaKnit v8.07.61 (07.2017).tmp
  3052 | DesignaKnit v8.07.61 (07.2017).tmp
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
  pid  | process
  3052 | DesignaKnit v8.07.61 (07.2017).tmp
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
  description | pid | process | target process
  PID 3812 wrote to memory of 3052 | 3812 | DesignaKnit v8.07.61 (07.2017).exe | DesignaKnit v8.07.61 (07.2017).tmp
  PID 3812 wrote to memory of 3052 | 3812 | DesignaKnit v8.07.61 (07.2017).exe | DesignaKnit v8.07.61 (07.2017).tmp
  PID 3812 wrote to memory of 3052 | 3812 | DesignaKnit v8.07.61 (07.2017).exe | DesignaKnit v8.07.61 (07.2017).tmp
Processes
- C:\Users\Admin\AppData\Local\Temp\DesignaKnit v8.07.61 (07.2017).exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\DesignaKnit v8.07.61 (07.2017).exe"
  - Suspicious use of WriteProcessMemory
  PID: 3812
  - C:\Users\Admin\AppData\Local\Temp\is-MEA57.tmp\DesignaKnit v8.07.61 (07.2017).tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-MEA57.tmp\DesignaKnit v8.07.61 (07.2017).tmp" /SL5="$70118,13062523,128000,C:\Users\Admin\AppData\Local\Temp\DesignaKnit v8.07.61 (07.2017).exe"
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID: 3052
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 2KB
  MD5: a69559718ab506675e907fe49deb71e9
  SHA1: bc8f404ffdb1960b50c12ff9413c893b56f2e36f
  SHA256: 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
  SHA512: e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63
- Filesize: 1.1MB
  MD5: 5d7d14a1449317bfd7a4fc792ff18a16
  SHA1: 082929b574ff610d73e021173e1ee79e30b08a5d
  SHA256: 5f21584b10818e164381251bab3c87eec4fa225cb5b7e6bbd55558528f864dbf
  SHA512: c8dc63fff4ead8acdc459b6ec0abc7f4ba9867f33b0e1521e7424c0ab072605b6e5cfd291d5f25490615a6c38d34c2a107466b11ac30e9774def4f67a4ff7e64
- Filesize: 1.1MB
  MD5: 5d7d14a1449317bfd7a4fc792ff18a16
  SHA1: 082929b574ff610d73e021173e1ee79e30b08a5d
  SHA256: 5f21584b10818e164381251bab3c87eec4fa225cb5b7e6bbd55558528f864dbf
  SHA512: c8dc63fff4ead8acdc459b6ec0abc7f4ba9867f33b0e1521e7424c0ab072605b6e5cfd291d5f25490615a6c38d34c2a107466b11ac30e9774def4f67a4ff7e64