Overview

overview

10

Static

static

10

Korepi.rar

windows10-1703-x64

10

Korepi/Korepi.exe

windows10-1703-x64

10

Korepi/chr...nt.pak

windows10-1703-x64

3

Korepi/chr...nt.pak

windows10-1703-x64

3

Korepi/con...ig.xml

windows10-1703-x64

1

Korepi/con...es.pdb

windows10-1703-x64

3

Korepi/d3d...47.dll

windows10-1703-x64

3

Korepi/d4d...er.xml

windows10-1703-x64

1

Korepi/dll/ffmpeg.dll

windows10-1703-x64

1

Korepi/dll/libEGL.dll

windows10-1703-x64

1

Korepi/dll...v2.dll

windows10-1703-x64

3

Korepi/dll...er.dll

windows10-1703-x64

3

Korepi/dll...d.json

windows10-1703-x64

3

Korepi/dll...-1.dll

windows10-1703-x64

3

Korepi/ffmpeg.dll

windows10-1703-x64

1

Korepi/icudtl.dat

windows10-1703-x64

3

Korepi/libEGL.dll

windows10-1703-x64

1

Korepi/libGLESv2.dll

windows10-1703-x64

3

Korepi/system.yaml

windows10-1703-x64

3

Korepi/sys...gl.pdb

windows10-1703-x64

3

Korepi/vgrl.dll

windows10-1703-x64

1

Korepi/vivoxsdk.dll

windows10-1703-x64

1

Resubmissions

08-02-2024 19:42

240208-ye7cksbg28 10

08-02-2024 19:33

240208-x9kavshh6s 10

Analysis

  • max time kernel
    126s
  • max time network
    161s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
  • submitted
    08-02-2024 19:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Korepi/config/config.xml

  • Size

    161B

  • MD5

    c16b0746faa39818049fe38709a82c62

  • SHA1

    3fa322fe6ed724b1bc4fd52795428a36b7b8c131

  • SHA256

    d61bde901e7189cc97d45a1d4c4aa39d4c4de2b68419773ec774338506d659ad

  • SHA512

    cbcba899a067f8dc32cfcbd1779a6982d25955de91e1e02cee8eaf684a01b0dee3642c2a954903720ff6086de5a082147209868c03665c89f814c6219be2df7c

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Korepi\config\config.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Korepi\config\config.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3744
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3744 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    f2ea59e07724463ec28b29768356eff5

    SHA1

    e3b55609f7d1a36d81693ed88ed09dfb6221edfd

    SHA256

    18785db1d77697125fef732d8199fa0194921afc2b917e0aa7b02a352984d4c0

    SHA512

    0ce0f557febf29eb4a68edd807e5221d3c74576d1a57fbd8240b232b3fbcf5f030ee7542fb234875c004f534a9ea179f6f76341996a0ef08878cc3b78918b5cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    cd75146291c624ca26c6de8256bd53be

    SHA1

    296efb6eaf47335d9b0bff0aa95a88aa41bf2865

    SHA256

    6935a9bee6dec6597839423d79f0d20a517a3d9278fdfa82a24f2b51403b4f6e

    SHA512

    a7a65930660646d0b4312b5d7d40b65df3714c5a3d7a1fbdd29bcb8c6fe148253404b83b55f591a849f8937a56db3edf39684f125a208086f2f82614eb49d81e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GRBVG1Q5\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\M8VWJG9Y.cookie
    Filesize

    537B

    MD5

    6563c0000cb78a6f033bbc7ef1a31976

    SHA1

    22eea37ca6cf9f1ac83a56653e9be160319a54ec

    SHA256

    3554d8df9dc4c6ccae13050ca8bf5660949f8d9f274126a278fdafc51dfb2a47

    SHA512

    9e12d0a04c65a27cc772d47317bbbb6db31f54e79362c35d54e5abe36e9aaabbf5321719b4c809e3a61f7ca47125009fb2b671f5307aa39d2b6ea7c9a25f92b9

    Download Submit

  • memory/2156-12-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-13-0x00007FF851B40000-0x00007FF851B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-6-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-7-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-8-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-9-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-10-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-11-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-0-0x00007FF851B40000-0x00007FF851B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-15-0x00007FF851B40000-0x00007FF851B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-14-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-5-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-16-0x00007FF851B40000-0x00007FF851B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-18-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-19-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-17-0x00007FF851B40000-0x00007FF851B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-20-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-21-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-22-0x00007FF890B80000-0x00007FF890C2E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/2156-4-0x00007FF851B40000-0x00007FF851B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-3-0x00007FF851B40000-0x00007FF851B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-2-0x00007FF891AB0000-0x00007FF891C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-1-0x00007FF851B40000-0x00007FF851B50000-memory.dmp

    Filesize

    64KB

    Download