Overview

overview

7

Static

static

3

Kayflockmp4_1.exe

windows7-x64

7

Kayflockmp4_1.exe

windows10-2004-x64

7

Resubmissions

28/12/2023, 15:39

231228-s3k7csafgr 7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28/12/2023, 15:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Kayflockmp4_1.exe

  • Size

    15.4MB

  • MD5

    eb5e92ece01989e0d5070f6306cc69c9

  • SHA1

    d4882d0d0dfbc9326c944f779131d11880e913ea

  • SHA256

    91abcd48958ffd621f1068c52dc0d86dc9baf1781e3b4e73e4c44a5c0887d7d1

  • SHA512

    bd060afeffc65f391a19c1dbceb3d301385088dfe6c74cd913343383809eec3d3cb6dbf4f54bd12be72c6449987eb40b7692155ef2c4efee51194cf65d1352e5

  • SSDEEP

    393216:uWvz+XOVV63etEL+9qzT7Ck+7q301Jc1bWXdWCUI:Pz+XOLI+9q/Z301QcVUI

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 48 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Kayflockmp4_1.exe
    "C:\Users\Admin\AppData\Local\Temp\Kayflockmp4_1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\Kayflockmp4_1.exe
      "C:\Users\Admin\AppData\Local\Temp\Kayflockmp4_1.exe"
      2⤵
      • Loads dropped DLL
      PID:1932
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2676

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI17122\python312.dll
          Filesize

          1.6MB

          MD5

          1a4d714a5c8d4443d5ee2151d39077f3

          SHA1

          7fc68dff2c8b38c9ac32ea11fa1371af106aabc8

          SHA256

          e19937cd5b0b04eeaba6df790eeb0419882fcfbc2b5b53261adad9e0a78081c2

          SHA512

          2cf4bf25c1a4889f0e91bf938c7e5455d65200ea41d8e7ae51d54a23f89098189390f60847697ded7feb10dab60d83f5a6c09398e593fb7a148fb86ff4826694

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_MEI17122\python312.dll
          Filesize

          1.1MB

          MD5

          372bfd602fe7cb59e24880298dda97eb

          SHA1

          1fb358d8a8d5fb71926906294b054c7da21625f4

          SHA256

          358eb951470c6eac88f3b0b8165331ada0d859713704d5c8359ba406eea6a309

          SHA512

          f1ec5972127eefaabf9943dac0373800241a7c49aae6491d6411c35fa5820f68ca1eb6b2e22f2a0489943b21bec6d2a9ce00ba8f8b6d4a4215f2bace6b4b4d5b

          Download Submit

        • memory/1932-90-0x000007FEF5DA0000-0x000007FEF6478000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/2676-178-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/2676-179-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download