bdcebe6b1337d638c2570d9781583fffff590c060afca21ede8493b7174de412

Analysis

max time kernel
156s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 18:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

setup_katana_zero_1.0.5_(30035).exe
Size

175.9MB
MD5

275a3642a506819785178b133848fe36
SHA1

7af438e1754c7a8f277edb03ab05f6f22331ca67
SHA256

bdcebe6b1337d638c2570d9781583fffff590c060afca21ede8493b7174de412
SHA512

c660cf70d55773c3769b765de0e5ff16fe00d8746ab0179ef3a4fb5bd0044c6b43d9a38489579951351676d7b8146dd90324ccc1511d5f8decf1012be0c53b6b
SSDEEP

3145728:NpIC3SSlwLXoA/EIjpDai1L7BJfmiGn2RMWAPBsFsMGrATwVhO12lBzOHBKjjtB2:NpICicgoA/EIjd9ff5WWA81Ue2l1OHB1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2144	setup_katana_zero_1.0.5_(30035).tmp

Loads dropped DLL 5 IoCs

pid	Process
1940	setup_katana_zero_1.0.5_(30035).exe
2144	setup_katana_zero_1.0.5_(30035).tmp
2144	setup_katana_zero_1.0.5_(30035).tmp
2144	setup_katana_zero_1.0.5_(30035).tmp
2144	setup_katana_zero_1.0.5_(30035).tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2144	1940	setup_katana_zero_1.0.5_(30035).exe	28
PID 1940 wrote to memory of 2144	1940	setup_katana_zero_1.0.5_(30035).exe	28
PID 1940 wrote to memory of 2144	1940	setup_katana_zero_1.0.5_(30035).exe	28
PID 1940 wrote to memory of 2144	1940	setup_katana_zero_1.0.5_(30035).exe	28
PID 1940 wrote to memory of 2144	1940	setup_katana_zero_1.0.5_(30035).exe	28
PID 1940 wrote to memory of 2144	1940	setup_katana_zero_1.0.5_(30035).exe	28
PID 1940 wrote to memory of 2144	1940	setup_katana_zero_1.0.5_(30035).exe	28

C:\Users\Admin\AppData\Local\Temp\setup_katana_zero_1.0.5_(30035).exe
"C:\Users\Admin\AppData\Local\Temp\setup_katana_zero_1.0.5_(30035).exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Users\Admin\AppData\Local\Temp\is-QF36T.tmp\setup_katana_zero_1.0.5_(30035).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QF36T.tmp\setup_katana_zero_1.0.5_(30035).tmp" /SL5="$5015C,183845417,192512,C:\Users\Admin\AppData\Local\Temp\setup_katana_zero_1.0.5_(30035).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\1207658714_english.jpg

Filesize
124KB

MD5
cba5334ecac271f33a050df6d644c304

SHA1
3e258d71996acd5552f912aa6f9b593d561ab87d

SHA256
8f6df008e27df617376646721d5389139129436c52d68cc64f4ec0f5a2b1805d

SHA512
0ca264fb211f8288e378eb285d5ae906a1939de9edac2268ea6e84a63181914e507741f7bf3ffb2061f4ba26c658acfa9696b1cfffff1039cf29c0e6af760503

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\1439474400_english.jpg

Filesize
176KB

MD5
edb88a8e8f8af6703ea1c56d0d1d5f27

SHA1
7103bcc99485fc1cfb62026665795f00949e6616

SHA256
238b1588b7d66ee14cbe0d411bc5cc1fa59591cb2c00c7d52ee75658e8fcf701

SHA512
0dcb3b768214449d12311b91e99e8f2172c95dd5b91919dc98a0ec3e5e417e8adedcfccf4dc354525e1830779bbbed1f5afffa5a1a0f4e8ef0dcc3e4d018d014

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\background.jpg

Filesize
383KB

MD5
f2d4829d52037321c5ddea452034fea5

SHA1
871a5a48fc3dfedfac08eca3d6e865a853d62202

SHA256
4bb388de79ab74a81ffdab24b6969d63245fea259043ff3d8da44969f78d03ed

SHA512
923c7ff925fcee7e2342a4a1ab93fd4da1482607da0313c3c78c229aa4555ba79d308d85f04805d2db19ce634afd08594e7de7f7903a6268f4a4b5a53871c613

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\slideshow.ini

Filesize
261B

MD5
2332fd96a1f83a3c31e4ebe6e540adb9

SHA1
6442cbc120e8da8751f21b4a880e9038cd25b9f0

SHA256
3614059e549ae87a8130e785bdcbf88e44754c6d1ab458969fbce119a4eda6cb

SHA512
4be2f5ca70843266fa21e1a045037823e0f4211358daae544f44f348819bec0070285a1e185aad0da94ea07dc0f2223f00ab6fc73e93583d0fbd30c1f7acf207

Download Submit
\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
\Users\Admin\AppData\Local\Temp\is-KQGC0.tmp\uninstall.dll

Filesize
691KB

MD5
7db706c324cc9b6fda497d081eed6e26

SHA1
ca97392e573af0cf61bfa3301801a85f2beea44c

SHA256
cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

SHA512
8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

Download Submit
\Users\Admin\AppData\Local\Temp\is-QF36T.tmp\setup_katana_zero_1.0.5_(30035).tmp

Filesize
1.3MB

MD5
03082a6a1e000a77be6a5b921c69bbe9

SHA1
1b9c52a40198158f0cb85ff3f48af0d6416fac8d

SHA256
87c07a864e6608f629d76350d65b6f43b603512ad2c8b2f8a2d3fb97d82d1e8f

SHA512
75d6aac90c3d698158763567b584bfce2c52d64e50b95b6e04aa36a48198f1a6b4125a3a2bdfab68a945d61c2ef45b1fe94755c39dfdf6b9b57b24225934edd8

Download Submit
memory/1940-2-0x00000000012A0000-0x00000000012D9000-memory.dmp

Filesize
228KB

Download
memory/1940-9-0x00000000012A0000-0x00000000012D9000-memory.dmp

Filesize
228KB

Download
memory/1940-0-0x00000000012A0000-0x00000000012D9000-memory.dmp

Filesize
228KB

Download
memory/2144-150-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/2144-13-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2144-10-0x0000000000AC0000-0x0000000000C12000-memory.dmp

Filesize
1.3MB

Download
memory/2144-27-0x0000000000A80000-0x0000000000A95000-memory.dmp

Filesize
84KB

Download
memory/2144-31-0x00000000032D0000-0x0000000003387000-memory.dmp

Filesize
732KB

Download
memory/2144-24-0x0000000000AC0000-0x0000000000C12000-memory.dmp

Filesize
1.3MB

Download
memory/2144-74-0x00000000022F0000-0x00000000022FE000-memory.dmp

Filesize
56KB

Download
memory/2144-8-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2144-152-0x0000000000AC0000-0x0000000000C12000-memory.dmp

Filesize
1.3MB

Download
memory/2144-153-0x0000000000A80000-0x0000000000A95000-memory.dmp

Filesize
84KB

Download
memory/2144-154-0x00000000032D0000-0x0000000003387000-memory.dmp

Filesize
732KB

Download
memory/2144-155-0x00000000022F0000-0x00000000022FE000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads