Resubmissions

Analysis
  max time kernel:  18s
  max time network: 17s
  platform:         windows10-1703_x64
  resource:         win10-20240404-en
  resource tags:    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  submitted:        12/04/2024, 00:29
Behavioral task: behavioral1
  Sample:   KAKEInjector.exe
  Resource: win10-20240404-en
  4 signatures, 600 seconds
General
  Target: KAKEInjector.exe
  Size:   13.3MB
  MD5:    d3e95be2649c118c1a29845bb01d276d
  SHA1:   95c60314bddcead34a0debd5dd88a27ee5b2043a
  SHA256: e99851d913f6351aac755889657d9264c68ab8a514111340b34aa1288f33f557
  SHA512: 3f171395b24c49adb5c1dadc140be26df7cf853c3cd6cc1029ebbfdd24d5dd5fb68db9e0a2903d301e4c433e76e31c9ff4963781fc92d7a4b3d8b21ecc572f8f
  SSDEEP: 196608:WsNTktYiCgG0NHlgd8rZs2ZfM7l2vNcRWDXotySxQXixPjTFmtxGov:dTGTVGwlgd/2FMZeNyv6SxjhmR

Score: 7/10
Malware Config
  (none extracted)

Signatures

yara_rule matches
  resource                                                                    yara_rule
  behavioral1/memory/2676-2-0x00007FF77A410000-0x00007FF77BD20000-memory.dmp  themida
  behavioral1/memory/2676-3-0x00007FF77A410000-0x00007FF77BD20000-memory.dmp  themida

Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
  pid   Process
  2676  KAKEInjector.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  2676  KAKEInjector.exe
  2676  KAKEInjector.exe

Suspicious use of WriteProcessMemory (8 IoCs)
  description                         pid   Process           procid_target
  PID 2676 wrote to memory of 3428    2676  KAKEInjector.exe  75
  PID 2676 wrote to memory of 3428    2676  KAKEInjector.exe  75
  PID 3428 wrote to memory of 3092    3428  cmd.exe           76
  PID 3428 wrote to memory of 3092    3428  cmd.exe           76
  PID 3428 wrote to memory of 4260    3428  cmd.exe           77
  PID 3428 wrote to memory of 4260    3428  cmd.exe           77
  PID 3428 wrote to memory of 2408    3428  cmd.exe           78
  PID 3428 wrote to memory of 2408    3428  cmd.exe           78
Processes (tree; depth shown by indentation)

C:\Users\Admin\AppData\Local\Temp\KAKEInjector.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\KAKEInjector.exe"
  PID: 2676
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\KAKEInjector.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    PID: 3428
    - Suspicious use of WriteProcessMemory

    C:\Windows\system32\certutil.exe
      Command line: certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\KAKEInjector.exe" MD5
      PID: 3092

    C:\Windows\system32\find.exe
      Command line: find /i /v "md5"
      PID: 4260

    C:\Windows\system32\find.exe
      Command line: find /i /v "certutil"
      PID: 2408