770cdc29f6e2be9d6782e167b23270e175cf99733cc5eabfc55e5ee79a3ec5c5

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 13:57

Target

kayflockloader.exe
Size

35.5MB
MD5

68fd24befa991832f50294269b0ffe2e
SHA1

e2139a380d4a34ea789481044e5a0ce20ccbb39d
SHA256

770cdc29f6e2be9d6782e167b23270e175cf99733cc5eabfc55e5ee79a3ec5c5
SHA512

2883c44d407476f2dd55bb52d6e3f3042c9b2d59b15b7521e1dda314b3429ca45cbaf5e8e330f7267d8ae9695f95f55f3b94fb393f2f2f28f1bbfaeb760e05a9
SSDEEP

393216:FWvz+XOVzrlICtL+9qzTfgD7fEUyIQY/m66WCD6:Az+XOxiA+9q/fq7fEbIMVD6

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1712	kayflockloader.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a4c0-88.dat	upx
behavioral1/files/0x000500000001a4c0-89.dat	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1712	kayflockloader.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 1712	2088	kayflockloader.exe	28
PID 2088 wrote to memory of 1712	2088	kayflockloader.exe	28
PID 2088 wrote to memory of 1712	2088	kayflockloader.exe	28

C:\Users\Admin\AppData\Local\Temp\kayflockloader.exe
"C:\Users\Admin\AppData\Local\Temp\kayflockloader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Users\Admin\AppData\Local\Temp\kayflockloader.exe
  "C:\Users\Admin\AppData\Local\Temp\kayflockloader.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1712

C:\Users\Admin\AppData\Local\Temp\_MEI20882\python312.dll

Filesize
988KB

MD5
acbd800d03214b3433fff1da29a230fd

SHA1
c710acf41c017505a3462f9a10073741ca2795f1

SHA256
1ff0e58ab493c3abad7a010311124432d9ecb33310e33f33c2a84940cff9c00b

SHA512
7f3aeb402d5e3bd5837f9fe1bf285fb4082223e6ac1da236b6a31a7aeb4b18757066c1324c7dad2074562782526f94b90f3a1453dd142084c6d527a73fc60c27

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20882\python312.dll

Filesize
1.4MB

MD5
d97b4cdbde5c55e25e58d9598e407f8d

SHA1
9be892955047293d496b4045229bceaebeecc1aa

SHA256
2c73c801fa7d28b0a50cbfef9e58f08c9485fbf0154db11857307be475951fbb

SHA512
8af167470285b8b66e24091ac31512d9480e023c453cf6c0581690ca7a24cf882db18ed2b6190d334e2114d888c98ffd0ad956c85524b38210292caf46008014

Download Submit
memory/1712-90-0x000007FEF5C10000-0x000007FEF62E0000-memory.dmp

Filesize
6.8MB

Download