Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

ConfigKelmis.exe

windows7-x64

1

ConfigKelmis.exe

windows10-2004-x64

1

Kelmis.exe

windows7-x64

1

Kelmis.exe

windows10-2004-x64

1

Kelmis_Dat...rp.dll

windows7-x64

1

Kelmis_Dat...rp.dll

windows10-2004-x64

1

Kelmis_Dat...ib.dll

windows7-x64

1

Kelmis_Dat...ib.dll

windows10-2004-x64

1

Kelmis_Dat...ix.dll

windows7-x64

1

Kelmis_Dat...ix.dll

windows10-2004-x64

1

Kelmis_Dat...ty.dll

windows7-x64

1

Kelmis_Dat...ty.dll

windows10-2004-x64

1

Kelmis_Dat...on.dll

windows7-x64

1

Kelmis_Dat...on.dll

windows10-2004-x64

1

Kelmis_Dat...re.dll

windows7-x64

1

Kelmis_Dat...re.dll

windows10-2004-x64

1

Kelmis_Dat...ng.dll

windows7-x64

1

Kelmis_Dat...ng.dll

windows10-2004-x64

1

Kelmis_Dat...ty.dll

windows7-x64

1

Kelmis_Dat...ty.dll

windows10-2004-x64

1

Kelmis_Dat...ml.dll

windows7-x64

1

Kelmis_Dat...ml.dll

windows10-2004-x64

1

Kelmis_Dat...em.dll

windows7-x64

1

Kelmis_Dat...em.dll

windows10-2004-x64

1

Kelmis_Dat...ro.dll

windows7-x64

1

Kelmis_Dat...ro.dll

windows10-2004-x64

1

Kelmis_Dat...ne.dll

windows7-x64

1

Kelmis_Dat...ne.dll

windows10-2004-x64

1

Kelmis_Dat...le.dll

windows7-x64

1

Kelmis_Dat...le.dll

windows10-2004-x64

1

Kelmis_Dat...le.dll

windows7-x64

1

Kelmis_Dat...le.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    130s
  • max time network
    265s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2023, 14:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Kelmis.exe

  • Size

    638KB

  • MD5

    9bf33397af630274ab8926da08098ad5

  • SHA1

    93d6577b8cd156bc7394ac082fcff54d2f4ed338

  • SHA256

    369bade930a04a964e846b3302beba58e70fd2a112d2263c21b5b0ff0ea001a7

  • SHA512

    bf78932d84785c8f30748b28181f1184b56611c1b3415c9e9b877a94815b9dff1d9a8fc1ee7a9250cb1b07d120abccb9101eb6bd68a5a552b74e5f6921deaad5

  • SSDEEP

    1536:9C79gXAX271lcBzqEY2lkCswVxYDXosWkd09dlSaUGX5unVvX+9BRghXa9GGGGGl:+gXpJozm2lkCsuYDbMkZvVW9nWa29

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Kelmis.exe
    "C:\Users\Admin\AppData\Local\Temp\Kelmis.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3576
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x318 0x40c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3576-0-0x000001D036AB0000-0x000001D036AC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3576-1-0x000001D036A60000-0x000001D036A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3576-2-0x000001D1DA7E0000-0x000001D1DA800000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3576-5-0x000001D036AB0000-0x000001D036AC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3576-6-0x000001D036A60000-0x000001D036A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3576-4-0x000001D1DB530000-0x000001D1DB540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3576-3-0x000001D1DB500000-0x000001D1DB510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3576-7-0x000001D1DA7E0000-0x000001D1DA800000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3576-8-0x000001D1DB500000-0x000001D1DB510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3576-9-0x000001D1DB530000-0x000001D1DB540000-memory.dmp

    Filesize

    64KB

    Download