Overview
overview
10Static
static
10kayflock-b...nt.dll
windows7-x64
1kayflock-b...nt.dll
windows10-2004-x64
1kayflock-b...on.exe
windows7-x64
1kayflock-b...on.exe
windows10-2004-x64
1kayflock-b...ck.exe
windows7-x64
1kayflock-b...ck.exe
windows10-2004-x64
7kayflock-b...us.dll
windows7-x64
1kayflock-b...us.dll
windows10-2004-x64
1kayflock-b...ne.exe
windows10-2004-x64
1kayflock-b...vc.exe
windows10-2004-x64
1kayflock-b...er.exe
windows10-2004-x64
1kayflock-b...ic.exe
windows7-x64
8kayflock-b...ic.exe
windows10-2004-x64
8kayflock-b...hh.exe
windows10-2004-x64
1kayflock-b...ad.exe
windows10-2004-x64
1kayflock-b...64.exe
windows10-2004-x64
1kayflock-b...32.dll
windows10-2004-x64
1kayflock-b...32.exe
windows10-2004-x64
1kayflock-b...te.exe
windows10-2004-x64
7Analysis
-
max time kernel
122s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
13-04-2024 17:32
Behavioral task
behavioral1
Sample
kayflock-beta/System.Management.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
kayflock-beta/System.Management.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
kayflock-beta/byfron.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
kayflock-beta/byfron.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
kayflock-beta/kayflock.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
kayflock-beta/kayflock.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
kayflock-beta/nexus.dll
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
kayflock-beta/nexus.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral9
Sample
kayflock-beta/packages/ranks/HelpPane.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral10
Sample
kayflock-beta/packages/ranks/bfsvc.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral11
Sample
kayflock-beta/packages/ranks/explorer.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral12
Sample
kayflock-beta/packages/ranks/fullstack-magic.exe
Resource
win7-20240221-en
Behavioral task
behavioral13
Sample
kayflock-beta/packages/ranks/fullstack-magic.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral14
Sample
kayflock-beta/packages/ranks/hh.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral15
Sample
kayflock-beta/packages/ranks/notepad.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral16
Sample
kayflock-beta/packages/ranks/splwow64.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral17
Sample
kayflock-beta/packages/ranks/twain_32.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral18
Sample
kayflock-beta/packages/ranks/winhlp32.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral19
Sample
kayflock-beta/packages/ranks/write.exe
Resource
win10v2004-20240412-en
General
-
Target
kayflock-beta/byfron.exe
-
Size
15.1MB
-
MD5
027dcfe7428ee64267c19120bde8607a
-
SHA1
929621600cda0642861d57c3e39bc344f96f4926
-
SHA256
efd93048311e5feb5e853a5cff20112b6991ce662b8f8d90fa5377ef2aa16252
-
SHA512
155b4b18d59933b62602d934a197395d269d2011db8d3f0a86855e55f405fd66839ca6232c5d6075987750acc362d048d3783bbfd6940559f5924f3db2da50cd
-
SSDEEP
393216:dgCrScjgeDIC/tBmVczYo6kUFnURXrScjgeDIC/tBmVczYo6kUFnUR:VWcEe0ZVkUKWcEe0ZVkU
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
byfron.exedescription pid process target process PID 2188 wrote to memory of 2160 2188 byfron.exe WerFault.exe PID 2188 wrote to memory of 2160 2188 byfron.exe WerFault.exe PID 2188 wrote to memory of 2160 2188 byfron.exe WerFault.exe