Overview

overview

6

Static

static

3

King 2.0/A...UI.dll

windows7-x64

1

King 2.0/A...UI.dll

windows10-2004-x64

1

King 2.0/A...or.exe

windows7-x64

1

King 2.0/A...or.exe

windows10-2004-x64

1

King 2.0/A...on.bat

windows7-x64

1

King 2.0/A...on.bat

windows10-2004-x64

1

King 2.0/A...ct.bat

windows7-x64

1

King 2.0/A...ct.bat

windows10-2004-x64

King 2.0/A...on.bat

windows7-x64

1

King 2.0/A...on.bat

windows10-2004-x64

1

King 2.0/A...ct.bat

windows7-x64

1

King 2.0/A...ct.bat

windows10-2004-x64

1

King 2.0/B....3.dll

windows7-x64

1

King 2.0/B....3.dll

windows10-2004-x64

1

King 2.0/C...UI.dll

windows7-x64

1

King 2.0/C...UI.dll

windows10-2004-x64

1

King 2.0/C... C.exe

windows7-x64

1

King 2.0/C... C.exe

windows10-2004-x64

King 2.0/FlatUI.dll

windows7-x64

1

King 2.0/FlatUI.dll

windows10-2004-x64

1

King 2.0/King.dll

windows7-x64

1

King 2.0/King.dll

windows10-2004-x64

1

King 2.0/King.exe

windows7-x64

6

King 2.0/King.exe

windows10-2004-x64

6

King 2.0/S...tan.js

windows7-x64

1

King 2.0/S...tan.js

windows10-2004-x64

1

King 2.0/S...TED.js

windows7-x64

1

King 2.0/S...TED.js

windows10-2004-x64

1

King 2.0/S...ANT.js

windows7-x64

1

King 2.0/S...ANT.js

windows10-2004-x64

1

King 2.0/S..._v2.js

windows7-x64

1

King 2.0/S..._v2.js

windows10-2004-x64

1

Analysis

  • max time kernel
    54s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-04-2024 11:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    King 2.0/ANTI-BAN/vpnconnector/VpnConnection.bat

  • Size

    123B

  • MD5

    20a1d3f0643128705c34b3b148986a0f

  • SHA1

    496d0d032b5a5238655036653f554293e9d4a1e8

  • SHA256

    0de66efd3f7059d2357dfe97c34f8dfed1b68f2f48156c55858447620381cbe9

  • SHA512

    a02cf93e5786a71d48db20008d947e8c46f4fa6edc1a8f0329aff5efdb693ef8bccfce2e23a5d91d1572f4bd28e6aa81beea205794ed60e37b4b2dcbe848f8e2

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\King 2.0\ANTI-BAN\vpnconnector\VpnConnection.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:724
    • C:\Windows\system32\rasdial.exe
      rasdial "VPN" vpnbook bgxz34 /phonebook:"E:\Study Materials\Projects\myVPN\myVPN\bin\Debug\vpnconnector\VpnConnection.pbk"
      2⤵
        PID:4272

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads