Overview

overview

3

Static

static

1

koalahook-...ook.py

windows7-x64

3

koalahook-...ook.py

windows10-2004-x64

3

koalahook-...un.bat

windows7-x64

1

koalahook-...un.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/04/2024, 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    koalahook-main/koalahook.py

  • Size

    11KB

  • MD5

    119bcef66ce9ecfdd53d29fe61d7d57a

  • SHA1

    61adb83679b95f8b8093f8e6132d5d725919f4b4

  • SHA256

    83a757a698e7e478d67365af75781af1cea336cdfbea7026fba6183b6e8906ea

  • SHA512

    830045c85e2df03809c140ce78874ced5e1bbc13c9d6d4f4881b3243b7d6480b78148eceb7d9a6e47ec9bb8b614a3f4ec8c59d6421337e21f028d1d7d4f7a0f2

  • SSDEEP

    192:dMiNyNADAnFcaA8AcTg/TYGQIiRw+Z+Y+Y+U1aXeFNDtIrmNtn:dHoAD2maA81Tg/TYGRiRw+IY+G1tFh1F

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\koalahook-main\koalahook.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\koalahook-main\koalahook.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2540
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\koalahook-main\koalahook.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    021591dea7ae1f389344b092b20c22f1

    SHA1

    45acb426c8957a7b1d62fea8a29b6461b51bae08

    SHA256

    4c73b9c0cccdc0e2aeb2bb766b5ce6f019affbce25cbb6b59470aa20bb3f61b2

    SHA512

    3f8696af6b127094427333ef80bb41dec31b8fe56765ed8f8eee6cbd8186337cb3f2cc5bf91da0114543125b286e30507b5aed515f587bddaa091fafe204bd36

    Download Submit