a1ed0e58c2c30b3fe1d05f5b27b51e49bf539ed27dbe371f2996dbae3332b9dd

Resubmissions

28/02/2024, 20:23

240228-y6e3eada63 7

28/02/2024, 20:19

240228-y34atsda22 7

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kcc_5.6.5.exe
Size

42.9MB
MD5

01539eed32d72cdc653cec8b6551f7db
SHA1

569fc96ea5bbbd9d8d7d1943bef9134ca6236a05
SHA256

a1ed0e58c2c30b3fe1d05f5b27b51e49bf539ed27dbe371f2996dbae3332b9dd
SHA512

b521438eecc3ad00ceb2f1d072e0719f7bda45428b03a6ef127037118b34e8ceaced837f8e4e496eaa1e396fe5f0a7f0faff1ef45bdd838bb0a6bc11fa857539
SSDEEP

786432:z5B+6VytjvRV7+gX4BMdhwzTQXRsdFbMp3C0Er7lMFcSS5U/LT2KXowkYXk9:zRyRvXlXGMK4XRszbWC0E39SCU/+0pkd

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2184	kcc_5.6.5.exe
2184	kcc_5.6.5.exe
2184	kcc_5.6.5.exe
2184	kcc_5.6.5.exe
2184	kcc_5.6.5.exe
2184	kcc_5.6.5.exe
2184	kcc_5.6.5.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	1252	7zFM.exe
Token: 35	1252	7zFM.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2184	2632	kcc_5.6.5.exe	28
PID 2632 wrote to memory of 2184	2632	kcc_5.6.5.exe	28
PID 2632 wrote to memory of 2184	2632	kcc_5.6.5.exe	28

C:\Users\Admin\AppData\Local\Temp\kcc_5.6.5.exe
"C:\Users\Admin\AppData\Local\Temp\kcc_5.6.5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Users\Admin\AppData\Local\Temp\kcc_5.6.5.exe
  "C:\Users\Admin\AppData\Local\Temp\kcc_5.6.5.exe"
  2⤵
  - Loads dropped DLL
  PID:2184

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2024

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2096

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26322\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
f58b1e1f6168d526473289f5f15cc66f

SHA1
ef9d3d6307dcbfc3b357b2dd30a75b08998c09b5

SHA256
ee778641ebc47383926d62d56612f25487151a183d76e3a2d013f658f6917918

SHA512
1278a6be2baaf05696c22db325faf2c90bc319fcb57daa6fcd2f2d95c1074797247d4a5df4d7e46f7177f1da07e9133f45c61c28e16a71b8d82ff627671b52f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26322\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
6a6f368802fefdd7c62cfa942e07ae51

SHA1
1012e2163d64b374fc784cb15205010492879d5d

SHA256
b7e6f1144d596ee1784359f384a3498bab32804add8c24bcf65964b413fb508d

SHA512
0dd5fb0bd23c8215254447d6e77d5bf95df8bf1c2e9f6f27dea1040ca496bd4135b40efe7f3bd4f8ab8300456a582b1596aeaea495dccab8fd4c7acf3c0034d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26322\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
ac718755753807cef7c5026dd8a58027

SHA1
4b39d0a3d442fbebcc7ac5fe35d3752dad87f58b

SHA256
b0418241a1c8c2ac1a230d586b0200f9e1033d1833dfd5f48719a1b611ae3fbc

SHA512
ef9b9f04ec1da1c63e1d1e8bdcf3d929dab9725383f58c94554aea801ef39f47c1a97115a57b4ae7390db59a979478940ea9e2b41003796745c0bfb159955a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26322\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
833aa996973b87eff6cdfea246d22999

SHA1
b89dc8d3f4aa772e32de79bb485c48054aa64361

SHA256
8831b1419c675ac71305ed616fa6aad97b068cc55796d1afc7593a1df2491226

SHA512
dfd12536e519f45294daa070aa35a8b1d32660e718e894f5e782d8bc093911b32f01052a1a9a79746e604b861d3794a4fef3b5bcad900c63460f243ff31fd416

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26322\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
efc8f224ea2f4af24b13329971cf551f

SHA1
a16fdedefe4bc6201243301624329525199e4f8d

SHA256
fea7c286fb3140a8d8739f2961a524c00dd0ad086f1d4517b74a84d7bb7dc18b

SHA512
5405abb3a52489b0c6a94cc1b840dfae2bded14e53f39bdcd4b8d8f0d8bfa9b43138d5a6eba1a1804d6fc2efe4dd21df1e223d4c77dd07bcafdedd7a4031512e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26322\python310.dll

Filesize
412KB

MD5
0729c4073b463ec4a1974944457d2491

SHA1
cf98075c3571769caaec362a1d3f7046398a86b8

SHA256
b06a6a5097699c4fc412858f13238ce92adbc637d1e0b27577fc32df851ecdd8

SHA512
a7a3ff8ba67328c0164fc8e719207a607da05b45b5acfc5d3d32845dacb8d9dc08e4495a85c2c8118543e5e7d8e9b067c298c8973e385861390a136e470d767c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26322\ucrtbase.dll

Filesize
970KB

MD5
aad2e99881765464c9ad9ccdbe78f0e0

SHA1
8634ce21a2683674210e836822fda448262e2e16

SHA256
e6287f7ba5892c99da70e9785d320a665809ca8e657a64b9fef1e8afcfb6a2f9

SHA512
68d2e898cdd73a3ad41ef3db7a149588a82629ac0628c07606f009bd6a92a62f9816c995b1794c8a957a4f3c55a72fcab17a400a2f55016a0ee8d773a172d002

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26322\python310.dll

Filesize
4.3MB

MD5
316ce972b0104d68847ab38aba3de06a

SHA1
ca1e227fd7f1cfb1382102320dadef683213024b

SHA256
34f0e44a0d089587e1ea48c1cc4c3164a1819c6db27a7c1b746af46d6388c26e

SHA512
a11da6590a71d977c62b1c26c275763413f6a455e6d85fa052654d05d845dbbe8122bbd8e0a23887f9873d4291382ebbd5df19674ad2dda1cf0ff3206054939b

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads