c4a23bb6f2f1cb4b5a9cc64927c27b69b269f853da89ba0e67ef1f15695873cd | Triage

Analysis

max time kernel
163s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 12:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

run KunLauncher.exe with path.bat
Size

29B
MD5

efd599e9beddc3f0dddf1e70731a3096
SHA1

76d1293a837a453a445725efe4d6fa977726612c
SHA256

27b9c22a69678270f03bb0d7899e416ea3a57a39fd342c8504205a9b23c23ead
SHA512

e61b6fe56b252ef4a0d33e5393f20ebca4addde68021ec493235bb0b5a01b994adf8a45a2fb2f0df1cea54ed790ff571e949ce3cae3b4667f7d8fa3e296f3674

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 1576	1140	cmd.exe	89
PID 1140 wrote to memory of 1576	1140	cmd.exe	89
PID 1140 wrote to memory of 1576	1140	cmd.exe	89
PID 1576 wrote to memory of 400	1576	KunLauncher.exe	92
PID 1576 wrote to memory of 400	1576	KunLauncher.exe	92
PID 1576 wrote to memory of 400	1576	KunLauncher.exe	92

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\run KunLauncher.exe with path.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Users\Admin\AppData\Local\Temp\KunLauncher.exe
  KunLauncher C:\your_game_path
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1576
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c pause
    3⤵
    PID:400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads