Analysis

  • max time kernel
    87s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2024 21:43

General

  • Target

    ransomwares/Krotten/Krotten.exe

  • Size

    53KB

  • MD5

    87ccd6f4ec0e6b706d65550f90b0e3c7

  • SHA1

    213e6624bff6064c016b9cdc15d5365823c01f5f

  • SHA256

    e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4

  • SHA512

    a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990

  • SSDEEP

    768:4yKoNLsn4Jp9ZvRInygrpMoZN+WtOl08jxBEHCDwBLpZTPCUvQK:j/sn4/OycxZN+MKxp8t9zQK

Score
8/10

Malware Config

Signatures

  • Disables RegEdit via registry modification 2 IoCs
  • Disables Task Manager via registry modification
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies Control Panel 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • System policy modification 1 TTPs 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ransomwares\Krotten\Krotten.exe
    "C:\Users\Admin\AppData\Local\Temp\ransomwares\Krotten\Krotten.exe"
    1⤵
    • Disables RegEdit via registry modification
    • Adds Run key to start application
    • Modifies WinLogon
    • Drops file in Windows directory
    • Modifies Control Panel
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:1676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads