Overview
overview
7Static
static
7737c7ac726...99.exe
windows7-x64
3737c7ac726...99.exe
windows10-2004-x64
3$APPDATA/K...xt.dll
windows7-x64
1$APPDATA/K...xt.dll
windows10-2004-x64
1$APPDATA/K...64.dll
windows7-x64
7$APPDATA/K...64.dll
windows10-2004-x64
7$PLUGINSDI...on.dll
windows7-x64
3$PLUGINSDI...on.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...oc.dll
windows7-x64
1$PLUGINSDI...oc.dll
windows10-2004-x64
7$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3$PLUGINSDI...es.dll
windows7-x64
3$PLUGINSDI...es.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3CrashReporter.dll
windows7-x64
3CrashReporter.dll
windows10-2004-x64
3CrashRepor...nt.exe
windows7-x64
1CrashRepor...nt.exe
windows10-2004-x64
1Kanbox.exe
windows7-x64
1Kanbox.exe
windows10-2004-x64
1KanboxProp...xt.dll
windows7-x64
1KanboxProp...xt.dll
windows10-2004-x64
1KanboxProp...64.dll
windows7-x64
7KanboxProp...64.dll
windows10-2004-x64
7LiveUpdater.exe
windows7-x64
1LiveUpdater.exe
windows10-2004-x64
1Locales/zh-CN.dll
windows7-x64
1Locales/zh-CN.dll
windows10-2004-x64
1Analysis
-
max time kernel
141s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
25/01/2024, 02:23
Behavioral task
behavioral1
Sample
737c7ac72651e742a1f4761d0bc9ee99.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
737c7ac72651e742a1f4761d0bc9ee99.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$APPDATA/Kanbox Network/Kanbox/shellext/SyncStateExt.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral4
Sample
$APPDATA/Kanbox Network/Kanbox/shellext/SyncStateExt.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$APPDATA/Kanbox Network/Kanbox/shellext/SyncStateExtX64.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral6
Sample
$APPDATA/Kanbox Network/Kanbox/shellext/SyncStateExtX64.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/KillProc.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/KillProc.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$PLUGINSDIR/ProcDll.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral14
Sample
$PLUGINSDIR/ProcDll.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
CrashReporter.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
CrashReporter.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
CrashReporterSilent.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
CrashReporterSilent.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Kanbox.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral24
Sample
Kanbox.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
KanboxPropSheetExt.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
KanboxPropSheetExt.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
KanboxPropSheetExtX64.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
KanboxPropSheetExtX64.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
LiveUpdater.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral30
Sample
LiveUpdater.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Locales/zh-CN.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral32
Sample
Locales/zh-CN.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
KanboxPropSheetExtX64.dll
-
Size
222KB
-
MD5
e51338d9f4e652faae871ec8f7f67626
-
SHA1
7044cf20c2d7be355068e83da2c1b0cb4fd8eed0
-
SHA256
83e59a8eb65924296a30e88f9a7c0f88ff6bbe9850d6c45e1bb2e6cc05677ac1
-
SHA512
5e0514c3f9e360ab95cfa2e5696898baa94dc4381c7bcba6069c5852d46a990d929b23b5441d87425675ee7c4218e2ad36665b4749a0f3fa607f29df649b4625
-
SSDEEP
3072:JKJZ6/wBr+Xn1rpHBKXRLFzmsOl7KgwxERggiI4I7GO:J2MwBe19HBGasOl+gYaG
Malware Config
Signatures
-
Registers COM server for autorun 1 TTPs 3 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4FD2B970-39AA-4F42-9752-BEA582663920}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4FD2B970-39AA-4F42-9752-BEA582663920}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KanboxPropSheetExtX64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4FD2B970-39AA-4F42-9752-BEA582663920}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe -
Modifies registry class 30 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KanboxPropSheetExtX64.KanboxShellPropX64\CurVer\ = "KanboxPropSheetExtX64.KanboxShellPropX64.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VIRFOLDER regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64E6D304-C1DC-4C9E-8773-EBE8B1FC78DA}\1.0\FLAGS regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KanboxPropSheetExtX64.KanboxShellPropX64.1\CLSID\ = "{4FD2B970-39AA-4F42-9752-BEA582663920}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KanboxPropSheetExtX64.KanboxShellPropX64\ = "KanboxShellPropX64 Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KanboxPropSheetExtX64.KanboxShellPropX64\CLSID\ = "{4FD2B970-39AA-4F42-9752-BEA582663920}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64E6D304-C1DC-4C9E-8773-EBE8B1FC78DA}\1.0\HELPDIR regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KanboxPropSheetExtX64.KanboxShellPropX64 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4FD2B970-39AA-4F42-9752-BEA582663920}\ = "KanboxShellPropX64 Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64E6D304-C1DC-4C9E-8773-EBE8B1FC78DA}\1.0\FLAGS\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4FD2B970-39AA-4F42-9752-BEA582663920}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64E6D304-C1DC-4C9E-8773-EBE8B1FC78DA} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64E6D304-C1DC-4C9E-8773-EBE8B1FC78DA}\1.0\ = "KanboxPropSheetExtX64 1.0 Type Library" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64E6D304-C1DC-4C9E-8773-EBE8B1FC78DA}\1.0\0\win64 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KanboxPropSheetExtX64.KanboxShellPropX64.1 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KanboxPropSheetExtX64.KanboxShellPropX64.1\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VIRFOLDER\shellex\PropertySheetHandlers\KanboxShellPropX64 Class\ = "{4FD2B970-39AA-4F42-9752-BEA582663920}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VIRFOLDER\shellex\PropertySheetHandlers regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64E6D304-C1DC-4C9E-8773-EBE8B1FC78DA}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KanboxPropSheetExtX64.KanboxShellPropX64\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4FD2B970-39AA-4F42-9752-BEA582663920} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4FD2B970-39AA-4F42-9752-BEA582663920}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KanboxPropSheetExtX64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KanboxPropSheetExtX64.KanboxShellPropX64.1\ = "KanboxShellPropX64 Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KanboxPropSheetExtX64.KanboxShellPropX64\CurVer regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4FD2B970-39AA-4F42-9752-BEA582663920}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VIRFOLDER\shellex\PropertySheetHandlers\KanboxShellPropX64 Class regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64E6D304-C1DC-4C9E-8773-EBE8B1FC78DA}\1.0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VIRFOLDER\shellex regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64E6D304-C1DC-4C9E-8773-EBE8B1FC78DA}\1.0\0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64E6D304-C1DC-4C9E-8773-EBE8B1FC78DA}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KanboxPropSheetExtX64.dll" regsvr32.exe