Analysis
max time kernel: 147s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/02/2024, 03:48
Static task: static1
Behavioral task: behavioral1
Sample: XKN.exe
Resource: win7-20231215-en
0 signatures, 150 seconds
Behavioral task: behavioral2
Sample: XKN.exe
Resource: win10v2004-20231215-en
5 signatures, 150 seconds
General
Target: XKN.exe
Size: 1.4MB
MD5: bf982c88761dbbd65268dd4bf2867ff2
SHA1: 24940c25da64936aaba7cf0f18993cf0b7f0bd4d
SHA256: 81fcf54f9a9a9973bd734e203623f329dbef09789e2c25c78ef1c19a6f0c72d1
SHA512: cfaaf7426feb0fe2a826633450ce1d81c2d94f8ad4281ef7e31e60d28ccb991b467a5759af4315dbb63b259e52f80ee2a5b51d8304ea49e671fdffd51961f3a6
SSDEEP: 24576:y3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6C:dmYqHU7pHYY00VcCDdowG3tMa6C
Score: 5/10
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoCs)
  description: PID 744 set thread context of 2288; pid: 744; Process: XKN.exe; procid_target: 85
- Program crash (1 IoCs)
  pid: 3700; pid_target: 744; Process: WerFault.exe; procid_target: 84
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid: 744; Process: XKN.exe (same entry repeated for each IoC)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (1 IoCs)
  pid: 744; Process: XKN.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description: PID 744 wrote to memory of 2288; pid: 744; Process: XKN.exe; procid_target: 85 (same entry repeated for each IoC)
Processes
- C:\Users\Admin\AppData\Local\Temp\XKN.exe (PID: 744)
  Command line: "C:\Users\Admin\AppData\Local\Temp\XKN.exe"
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Windows\SysWOW64\ctfmon.exe (PID: 2288)
    Command line: "C:\Windows\SysWOW64\ctfmon.exe -p 1234"
  - C:\Windows\SysWOW64\WerFault.exe (PID: 3700)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 492
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID: 5096)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 744 -ip 744