Overview

overview

10

Static

static

10

kek.exe

windows7-x64

7

kek.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    06-12-2023 18:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kek.exe

  • Size

    14KB

  • MD5

    68974532c8f44695e93037387a4c144e

  • SHA1

    581dc09b37eaf8177757a0d02598b5f8d528a59b

  • SHA256

    0cf1fb98bec224f1b5060c40c4784e5a43b022e2ce105b920bca786a92d153c3

  • SHA512

    7aea74e4cabfdd66034537eb3421e1e01029b084139657f4ce93cd8bdd019ef843570d1b986653a54388dcbf60a1eb069ee4252c6e98ae3739a81d63134db87a

  • SSDEEP

    192:y+8C+EKS0O9ejYTDG8bcp4LlzSnieXubWyD9JEBkGxVXoqoNSRJo:yNVjYTDG8gpqZeXTyD3EnxXoNV

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kek.exe
    "C:\Users\Admin\AppData\Local\Temp\kek.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\maKuSAtY.vbs"
      2⤵
      • Deletes itself
      PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\maKuSAtY.vbs
    Filesize

    140B

    MD5

    8bd270c7ed718398879d43068036c048

    SHA1

    bda95a68367b9ce22e4fc53a0d88eb2c455a07a1

    SHA256

    29886efc9ce6a9a72ec952a8a036dd7ee2dc951317f523e54b645a9b34271462

    SHA512

    2b72c6dfaa49121a07bd25abcf45aa8370e3da9e630ffc0295e76ef58d89938e05f47363df39dc16fe84862315510453a72ab914a5c7efa4c47ca38f9adec4f2

    Download Submit

  • memory/1964-0-0x0000000074450000-0x00000000749FB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1964-1-0x0000000074450000-0x00000000749FB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1964-2-0x00000000001D0000-0x0000000000210000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1964-7-0x0000000074450000-0x00000000749FB000-memory.dmp

    Filesize

    5.7MB

    Download