95db018c3da57f081886511338ea920272fb9a7e64e1f885a3307e692071b674

Submit
Reports

Overview

overview

Static

static

KAPE/Get-K...te.ps1

windows10-2004-x64

KAPE/Modul...us.ps1

windows10-2004-x64

KAPE/Modul...MI.ps1

windows10-2004-x64

KAPE/Modul...ne.ps1

windows10-2004-x64

KAPE/Modul...ng.ps1

windows10-2004-x64

KAPE/Modul...er.exe

windows10-2004-x64

KAPE/Modul...er.exe

windows10-2004-x64

KAPE/Modul...md.exe

windows10-2004-x64

KAPE/Modul...00.ps1

windows10-2004-x64

KAPE/Modul...03.ps1

windows10-2004-x64

KAPE/Modul...md.exe

windows10-2004-x64

KAPE/Modul...md.exe

windows10-2004-x64

KAPE/Modul...md.exe

windows10-2004-x64

KAPE/Modul...md.exe

windows10-2004-x64

KAPE/Modul...md.exe

windows10-2004-x64

KAPE/Modul...ry.dll

windows10-2004-x64

KAPE/Modul...be.dll

windows10-2004-x64

KAPE/Modul...on.dll

windows10-2004-x64

KAPE/Modul...le.dll

windows10-2004-x64

KAPE/Modul...ut.dll

windows10-2004-x64

KAPE/Modul...er.dll

windows10-2004-x64

KAPE/Modul...np.dll

windows10-2004-x64

KAPE/Modul...ry.dll

windows10-2004-x64

KAPE/Modul...he.dll

windows10-2004-x64

KAPE/Modul...gs.dll

windows10-2004-x64

KAPE/Modul...s2.dll

windows10-2004-x64

KAPE/Modul...hs.dll

windows10-2004-x64

KAPE/Modul...es.dll

windows10-2004-x64

KAPE/Modul...am.dll

windows10-2004-x64

KAPE/Modul...rt.dll

windows10-2004-x64

KAPE/gkape.exe

windows10-2004-x64

KAPE/kape.exe

windows10-2004-x64

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 00:55

Sharing

Copy URL

Twitter E-mail

Static task

static1

ploutus

2 signatures

Behavioral task

behavioral1

Sample

KAPE/Get-KAPEUpdate.ps1

Resource

win10v2004-20240226-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

KAPE/Modules/Apps/GitHub/reg_hunter/reg_hunter_suspicious.ps1

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

KAPE/Modules/Windows/PowerShell_ProcessList_WMI.ps1

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

KAPE/Modules/Windows/PowerShell_Process_Cmdline.ps1

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral5

Sample

KAPE/Modules/Windows/PowerShell_WMIRepositoryAuditing.ps1

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

KAPE/Modules/bin/AmcacheParser.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral7

Sample

KAPE/Modules/bin/AppCompatCacheParser.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

KAPE/Modules/bin/EvtxECmd/EvtxECmd.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral9

Sample

KAPE/Modules/bin/EvtxECmd/Maps/Microsoft-Windows-PowerShell-Operational_Microsoft-Windows-PowerShell_4100.ps1

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

KAPE/Modules/bin/EvtxECmd/Maps/Microsoft-Windows-PowerShell-Operational_Microsoft-Windows-PowerShell_4103.ps1

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral11

Sample

KAPE/Modules/bin/JLECmd.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

KAPE/Modules/bin/LECmd.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral13

Sample

KAPE/Modules/bin/MFTECmd.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral14

Sample

KAPE/Modules/bin/PECmd.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral15

Sample

KAPE/Modules/bin/RBCmd.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.7-ZipHistory.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Adobe.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryApplication.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryApplicationFile.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryApplicationShortcut.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryDeviceContainer.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryDevicePnp.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryDriverBinary.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.AppCompatCache.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.AppCompatFlags.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.AppCompatFlags2.dll

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.AppPaths.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Ares.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.BamDam.dll

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.BluetoothServicesBthPort.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

KAPE/gkape.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral32

Sample

KAPE/kape.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryApplication.dll
Size

25KB
MD5

2a1bfa5b001068b7c9c6df12e268377b
SHA1

10f0afb932a8290c812884ae0e1db1a43d155b02
SHA256

80f726b29ba535677231021e2444938672bb44c80ce85512418c5d7ba40ad988
SHA512

35155e2b03418fbf71a8fa7086c78013e2e789a2a8c90802fb6419bfa627458709dbc9f48c3a217dc78dbc0d5630f5d072bf3b49ab40fdc42807810e43a085b5
SSDEEP

384:Lt7HqH02U4Yt6InWR3o8AGfZb8ZpHzGovujAxO8AGfZwGmGovy8ZpHeSB:xDqdB5njbiRP5jSyiRZ

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\KAPE\Modules\bin\RECmd\Plugins\RegistryPlugin.Amcache-InventoryApplication.dll,#1
1⤵
PID:4680

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads