Overview
overview
10Static
static
10kayflock-b...I2.dll
windows7-x64
1kayflock-b...I2.dll
windows10-2004-x64
1kayflock-b...nt.dll
windows7-x64
1kayflock-b...nt.dll
windows10-2004-x64
1kayflock-b...on.exe
windows7-x64
1kayflock-b...on.exe
windows10-2004-x64
1kayflock-b...ck.exe
windows7-x64
1kayflock-b...ck.exe
windows10-2004-x64
7kayflock-b...us.dll
windows7-x64
1kayflock-b...us.dll
windows10-2004-x64
1kayflock-b...ne.exe
windows10-2004-x64
1kayflock-b...vc.exe
windows10-2004-x64
1kayflock-b...er.exe
windows10-2004-x64
1kayflock-b...ic.exe
windows7-x64
8kayflock-b...ic.exe
windows10-2004-x64
8kayflock-b...hh.exe
windows10-2004-x64
1kayflock-b...ad.exe
windows10-2004-x64
1kayflock-b...64.exe
windows10-2004-x64
1kayflock-b...32.dll
windows10-2004-x64
1kayflock-b...32.exe
windows10-2004-x64
1kayflock-b...te.exe
windows10-2004-x64
7kayflock-b...nt.dll
windows7-x64
1kayflock-b...nt.dll
windows10-2004-x64
1Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
13-04-2024 17:42
Behavioral task
behavioral1
Sample
kayflock-beta/Guna.UI2.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
kayflock-beta/Guna.UI2.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
kayflock-beta/System.Management.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
kayflock-beta/System.Management.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
kayflock-beta/byfron.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
kayflock-beta/byfron.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
kayflock-beta/kayflock.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
kayflock-beta/kayflock.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
kayflock-beta/nexus.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
kayflock-beta/nexus.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral11
Sample
kayflock-beta/packages/ranks/HelpPane.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral12
Sample
kayflock-beta/packages/ranks/bfsvc.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral13
Sample
kayflock-beta/packages/ranks/explorer.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral14
Sample
kayflock-beta/packages/ranks/fullstack-magic.exe
Resource
win7-20240221-en
Behavioral task
behavioral15
Sample
kayflock-beta/packages/ranks/fullstack-magic.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral16
Sample
kayflock-beta/packages/ranks/hh.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral17
Sample
kayflock-beta/packages/ranks/notepad.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral18
Sample
kayflock-beta/packages/ranks/splwow64.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral19
Sample
kayflock-beta/packages/ranks/twain_32.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral20
Sample
kayflock-beta/packages/ranks/winhlp32.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral21
Sample
kayflock-beta/packages/ranks/write.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral22
Sample
kayflock-beta/runtimes/win/lib/net6.0/System.Management.dll
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
kayflock-beta/runtimes/win/lib/net6.0/System.Management.dll
Resource
win10v2004-20240412-en
General
-
Target
kayflock-beta/packages/ranks/twain_32.dll
-
Size
63KB
-
MD5
afe119dd4e17891b227684f38aa25d4d
-
SHA1
2159772933e0ba4fb108edb93067cfdd067abf15
-
SHA256
eec41d62ab5d2e1d880b338c47a2156a5ee7e58f3448f58cc8120392ddc8c730
-
SHA512
37309c74f3b6e356506c40c871a90294d9f874388a1417af9eb27cde085cf62a72af79b258c78cac0ac2ed8a183e349ffb8f67f2a9c3f46c1d19f2fe3ea9408f
-
SSDEEP
768:uPC0xySqWNPwcKnReqpxORBoWNOMFN5cYsFx1gAmOURksWrk/VwLtkKavNi3IJzU:uPC0xyowcklqHw9xGkLrNLtBiNR
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 228 wrote to memory of 4164 228 rundll32.exe rundll32.exe PID 228 wrote to memory of 4164 228 rundll32.exe rundll32.exe PID 228 wrote to memory of 4164 228 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\kayflock-beta\packages\ranks\twain_32.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:228 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\kayflock-beta\packages\ranks\twain_32.dll,#12⤵PID:4164