Analysis

  • max time kernel
    119s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-04-2024 17:48

General

  • Target

    kayflock-beta/kayflock.exe

  • Size

    253KB

  • MD5

    2ea6211ab19482dddf2b32fdeddfe409

  • SHA1

    bfb9ab42d59ec933d1ebb8674bc697faaa99a52e

  • SHA256

    7a25def99b85f8486606ec7eb4d52395308afcc930e7b2df23897022b1d6baf1

  • SHA512

    e54d8b6db035ab9274c3f3a00474cf19d1543eb19f1c8eb89e11e33ddc6d675648201a70f495e6ddc0da4d71f17f01e3f6d77d5264effe1f0c46877379933bae

  • SSDEEP

    3072:yczkitvo4BpYN/6mBPry8TXROLdW5m4mURh9OOGm0kqxidvA8qY:yA4NCmBPry/N2VOOPwxU1q

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kayflock-beta\kayflock.exe
    "C:\Users\Admin\AppData\Local\Temp\kayflock-beta\kayflock.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=6.0.28&gui=true
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2220
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2840

Network

MITRE ATT&CK Enterprise v15

Downloads
