Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
13-04-2024 17:42
General
-
Target
kayflock-beta/packages/ranks/fullstack-magic.exe
-
Size
1.4MB
-
MD5
4a629a32c3cc21b2276bb0785713eb1e
-
SHA1
7888df74655fcbd13b80cf614098f1a773596438
-
SHA256
7e01d1f8f33c2df815d95078825da15efdeaa5cbd6a8556d8323c0d39ad0cd53
-
SHA512
1f1765b9699aa1da93763d956b2cc110228a74f492fde210e27b4ec4b7b26c55fefc6dd5a4e73c8e324b2208be28f52b8261a64247cb42f8330c9cfea451570d
-
SSDEEP
24576:Mc8sHmuATYC2ts1BsuZYrPNVfBAmNvf26ikntJMVoUx8AI8AKwsKI2+Xf:z3Hmu+B2ts1BsEYhVHpfCKMVoUiAI8Y
Score
8/10
Malware Config
Signatures
-
Sets service image path in registry 2 TTPs 1 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\kayflock-beta\packages\ranks\fullstack-magic.exe"C:\Users\Admin\AppData\Local\Temp\kayflock-beta\packages\ranks\fullstack-magic.exe"1⤵
- Sets service image path in registry
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\kayflock-beta\packages\ranks\fullstack-magic.exe" MD5 | find /i /v "md5" | find /i /v "certutil"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\certutil.execertutil -hashfile "C:\Users\Admin\AppData\Local\Temp\kayflock-beta\packages\ranks\fullstack-magic.exe" MD53⤵
-
C:\Windows\system32\find.exefind /i /v "md5"3⤵
-
C:\Windows\system32\find.exefind /i /v "certutil"3⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1800 -s 12402⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1800-1-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB