7216809508038bb48101492a4e93434173b059afb68200ef919557286032cee9

Analysis

max time kernel
49s
max time network
16s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krampus/krampus/Loader5.6.exe
Size

7.8MB
MD5

cf09d3f1d78438e003feb105fe2f6d90
SHA1

fed0f385b5d2bb6e392ce23412ed36c9a1c39c96
SHA256

1e76b2cde512e006d147f7b75afb43361dff5b60143d68b2bc1575b36d69508f
SHA512

ab00c69ca51491f3b096d9eecc7b205c847a07ca5f5ebc33c800e698202c0982c49c7301a89912548e8b0166e45de40b0c411cd0a630586c470f0a368a828682
SSDEEP

196608:A3v65mVHWqmI3x57Dnnm02ApYF8+iWzJ:A/5V2qm0xl76/di

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2984	Loader5.6.exe
2204	untitled.exe

Loads dropped DLL 3 IoCs

pid	Process
3056	Loader5.6.exe
3056	Loader5.6.exe
3056	Loader5.6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2984	3056	Loader5.6.exe	28
PID 3056 wrote to memory of 2984	3056	Loader5.6.exe	28
PID 3056 wrote to memory of 2984	3056	Loader5.6.exe	28
PID 3056 wrote to memory of 2204	3056	Loader5.6.exe	29
PID 3056 wrote to memory of 2204	3056	Loader5.6.exe	29
PID 3056 wrote to memory of 2204	3056	Loader5.6.exe	29

C:\Users\Admin\AppData\Local\Temp\krampus\krampus\Loader5.6.exe
"C:\Users\Admin\AppData\Local\Temp\krampus\krampus\Loader5.6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Users\Admin\AppData\Local\Temp\Loader5.6.exe
  "C:\Users\Admin\AppData\Local\Temp\Loader5.6.exe"
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Users\Admin\AppData\Local\Temp\untitled.exe
  "C:\Users\Admin\AppData\Local\Temp\untitled.exe"
  2⤵
  - Executes dropped EXE
  PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Loader5.6.exe

Filesize
5.4MB

MD5
88615d38e17f6a7e0a9c9d234f291f86

SHA1
3581e8509bdd4fa1c1e87fe4fead7932fbc6020a

SHA256
3847652b6732742683145cb2963ea45b387e037862190fa039d1ce4a97dac338

SHA512
9f365b551629a24119672f53eaf16db6a1763316d950717f604b2849089fedf8d449bdac88ec4bd1f4e3b38dd49989b8be2f350d5689a53ad75dc05184845626

Download Submit
C:\Users\Admin\AppData\Local\Temp\untitled.exe

Filesize
2.5MB

MD5
60619a6deeb30a6bfd203f7b4a0b2653

SHA1
760157c6cdf53d0568057db97a446b7f946bc58d

SHA256
e5a0ba2b2a64043c00fcf55955f4b6581e37bc1a294500bdabfaf74ce9d20b59

SHA512
58cad4ce4ad9d952ee3bde71650f09cb9f532e0abedbf7c77c0e00095fdb509e75ab0cc800b58261be46bf97ca4e95523374b536cf148ece0005786ec67e5dca

Download Submit
memory/2204-15-0x000000013F910000-0x000000013FA0C000-memory.dmp

Filesize
1008KB

Download
memory/2204-16-0x000000013F910000-0x000000013FA0C000-memory.dmp

Filesize
1008KB

Download
memory/3056-0-0x000007FEF5ED3000-0x000007FEF5ED4000-memory.dmp

Filesize
4KB

Download
memory/3056-1-0x00000000008F0000-0x00000000010CA000-memory.dmp

Filesize
7.9MB

Download