6bcdc64c2e0696439747f873dba0a1bda6ce9ac212716abd33f35ef580b1f7c5

Resubmissions

23/02/2024, 13:47

240223-q3tsdsbe41 7

23/02/2024, 13:24

23/02/2024, 13:22

23/02/2024, 12:49

23/02/2024, 12:33

Analysis

max time kernel
70s
max time network
31s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
23/02/2024, 12:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Kontakt_Keygen.exe
Size

1.4MB
MD5

3ccb8742cef48f550cc173db02461e50
SHA1

ef96a73552b5dd1bb90729f43199227befd22b43
SHA256

6bcdc64c2e0696439747f873dba0a1bda6ce9ac212716abd33f35ef580b1f7c5
SHA512

c8cf28ebd5a72feba0c9f8ec66761f72765d68b0f2ccd52491dd8e608d33b8f2a14399b90af358c82058ba4bfd0b5493533210b0629a6178f38dbdc47fc75666
SSDEEP

24576:UcLj4nJW05XoXymQWUCGU+bb6lJOhZOlCs/n7bfIL+aoApRp2KVMv2dnj0iFHmJ1:UA8JW0e77Gbf6lJOz0gt52KVMSjrFHm

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
752	keygen.exe

Loads dropped DLL 3 IoCs

pid	Process
752	keygen.exe
752	keygen.exe
752	keygen.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000600000001ac40-4.dat	upx
behavioral1/memory/752-6-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/752-18-0x0000000000400000-0x000000000043C000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1508	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1508	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 752	2128	Kontakt_Keygen.exe	75
PID 2128 wrote to memory of 752	2128	Kontakt_Keygen.exe	75
PID 2128 wrote to memory of 752	2128	Kontakt_Keygen.exe	75

C:\Users\Admin\AppData\Local\Temp\Kontakt_Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Kontakt_Keygen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\keygen.exe
  C:\Users\Admin\AppData\Local\Temp\keygen.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:752

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BASSMOD.DLL

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
C:\Users\Admin\AppData\Local\Temp\R2RNIKG.dll

Filesize
280KB

MD5
d570c67bb9d1c4288065df4fa210a8ca

SHA1
a8fa9a7b5112363edfb559204f626a341c95e00c

SHA256
1e8c2a17ee27ff72f4b0c58e2f872d5477f190b7a435df3d3028d07c4e018f20

SHA512
fe2a0f5f4314ce20e6e1a768235b9d9a1316e9da80a5b89847163c311d4c931864499b3be1fe336e475089a25a2708faa72fa5339ea14147480797fb64e5ba07

Download Submit
C:\Users\Admin\AppData\Local\Temp\bgm.xm

Filesize
1.5MB

MD5
db5f21fb067c54b97f6fde240dcc24e3

SHA1
0a915727326b4202a0302bdfefe89549e1a50f36

SHA256
c1f6465962f4bba16b30f8a976d1b4f9dac618c4e977801fe0b3a077afb16526

SHA512
4273c8d99e65c792fb0d843f724caf9d53f501ae5d10d7d256c26a1833193880d25656ce0cecf6891b91ad22bfbfeedf35a84a140631bdb625c6ed448b28b215

Download Submit
C:\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
866KB

MD5
ee75dec80a304522e575591ef379d9c2

SHA1
c79d55a1c36d7ddd4e4016bd5d7606c73006ba91

SHA256
a447ec3c7e4b44e8db53500eb52340ffe831bfb7150861e98ca3b4046a52bd9f

SHA512
2789b84b93887bf5b17876bde885a7100528c281afe1debbd03eb14adf914baf07bedb6a508565013bd903f50941eda9c90f68c7b76fabea5f7f97d55acdfd67

Download Submit
memory/752-19-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/752-25-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/752-11-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/752-18-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/752-6-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/752-20-0x00000000023B0000-0x0000000002466000-memory.dmp

Filesize
728KB

Download
memory/752-22-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/752-14-0x00000000023B0000-0x0000000002466000-memory.dmp

Filesize
728KB

Download
memory/752-28-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/752-29-0x00000000023B0000-0x0000000002466000-memory.dmp

Filesize
728KB

Download
memory/752-31-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/752-34-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/752-37-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/752-40-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download