Malware Analysis Report

2024-11-30 23:34

Sample ID 240426-r2jfpsee6y
Target MKiN8877.exe
SHA256 656fe7b8c0235991ef9bd95b8f3daec829d515cdf8f6780acd52d232f6f073f2
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

656fe7b8c0235991ef9bd95b8f3daec829d515cdf8f6780acd52d232f6f073f2

Threat Level: Likely benign

The file MKiN8877.exe was found to be: Likely benign.

Malicious Activity Summary


Unsigned PE

Program crash

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-26 14:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-26 14:41

Reported

2024-04-26 14:42

Platform

win7-20240221-en

Max time kernel

48s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MKiN8877.exe"

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\MKiN8877.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MKiN8877.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MKiN8877.exe

"C:\Users\Admin\AppData\Local\Temp\MKiN8877.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 1072

Network

Country Destination Domain Proto
US 8.8.8.8:53 pantyl.com udp
US 192.185.56.94:443 pantyl.com tcp

Files

memory/1912-0-0x0000000000260000-0x0000000000292000-memory.dmp

memory/1912-1-0x0000000074790000-0x0000000074E7E000-memory.dmp

memory/1912-2-0x0000000001FB0000-0x0000000001FF0000-memory.dmp

memory/1912-3-0x0000000074790000-0x0000000074E7E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-26 14:41

Reported

2024-04-26 14:44

Platform

win10v2004-20240419-en

Max time kernel

55s

Max time network

53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MKiN8877.exe"

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\MKiN8877.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MKiN8877.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MKiN8877.exe

"C:\Users\Admin\AppData\Local\Temp\MKiN8877.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3768 -ip 3768

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 1384

Network

Country Destination Domain Proto
US 8.8.8.8:53 pantyl.com udp

Files

memory/3768-0-0x0000000000AA0000-0x0000000000AD2000-memory.dmp

memory/3768-1-0x0000000074AA0000-0x0000000075250000-memory.dmp

memory/3768-2-0x00000000055A0000-0x00000000055B0000-memory.dmp

memory/3768-3-0x0000000074AA0000-0x0000000075250000-memory.dmp