Resubmissions

Analysis
- max time kernel: 80s
- max time network: 124s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 12/04/2024, 01:14
Behavioral task
- behavioral1
- Sample: KAKEInjector.exe
- Resource: win10-20240404-en
- 4 signatures
- 300 seconds
General
- Target: KAKEInjector.exe
- Size: 13.3MB
- MD5: d3e95be2649c118c1a29845bb01d276d
- SHA1: 95c60314bddcead34a0debd5dd88a27ee5b2043a
- SHA256: e99851d913f6351aac755889657d9264c68ab8a514111340b34aa1288f33f557
- SHA512: 3f171395b24c49adb5c1dadc140be26df7cf853c3cd6cc1029ebbfdd24d5dd5fb68db9e0a2903d301e4c433e76e31c9ff4963781fc92d7a4b3d8b21ecc572f8f
- SSDEEP: 196608:WsNTktYiCgG0NHlgd8rZs2ZfM7l2vNcRWDXotySxQXixPjTFmtxGov:dTGTVGwlgd/2FMZeNyv6SxjhmR
- Score: 7/10
Malware Config

Signatures

- yara_rule
  resource                                                                    yara_rule
  behavioral1/memory/1640-0-0x00007FF75FD30000-0x00007FF761640000-memory.dmp  themida
  behavioral1/memory/1640-3-0x00007FF75FD30000-0x00007FF761640000-memory.dmp  themida
  behavioral1/memory/1640-7-0x00007FF75FD30000-0x00007FF761640000-memory.dmp  themida
  behavioral1/memory/1640-8-0x00007FF75FD30000-0x00007FF761640000-memory.dmp  themida

- Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
  pid   Process
  1640  KAKEInjector.exe

- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1640  KAKEInjector.exe
  1640  KAKEInjector.exe

- Suspicious use of WriteProcessMemory (10 IoCs)
  description                       pid   Process           procid_target
  PID 1640 wrote to memory of 4996  1640  KAKEInjector.exe  75
  PID 1640 wrote to memory of 4996  1640  KAKEInjector.exe  75
  PID 4996 wrote to memory of 2564  4996  cmd.exe           76
  PID 4996 wrote to memory of 2564  4996  cmd.exe           76
  PID 4996 wrote to memory of 2084  4996  cmd.exe           77
  PID 4996 wrote to memory of 2084  4996  cmd.exe           77
  PID 4996 wrote to memory of 4472  4996  cmd.exe           78
  PID 4996 wrote to memory of 4472  4996  cmd.exe           78
  PID 1640 wrote to memory of 1172  1640  KAKEInjector.exe  79
  PID 1640 wrote to memory of 1172  1640  KAKEInjector.exe  79
Processes

- C:\Users\Admin\AppData\Local\Temp\KAKEInjector.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\KAKEInjector.exe"
  PID:1640
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory

  - C:\Windows\system32\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\KAKEInjector.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    PID:4996
    - Suspicious use of WriteProcessMemory

    - C:\Windows\system32\certutil.exe
      Command line: certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\KAKEInjector.exe" MD5
      PID:2564

    - C:\Windows\system32\find.exe
      Command line: find /i /v "md5"
      PID:2084

    - C:\Windows\system32\find.exe
      Command line: find /i /v "certutil"
      PID:4472

  - C:\Windows\system32\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c cls
    PID:1172