Overview

overview

7

Static

static

7

KAKEInjector.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1800s
  • max time network
    1179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-05-2024 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KAKEInjector.exe

  • Size

    13.5MB

  • MD5

    f1053bd6f2f6b5dd74d81af9db452f1f

  • SHA1

    aa5f30c818dd8196e569c39126e73fb277fdc787

  • SHA256

    cfc350c17f9f21c3cee709494d8945190be0d4838698e9161094f53f52c1bd02

  • SHA512

    fc7455866addddda8850994b7b14f3dc3ad565f0dc5b6005699ea2a85b849cc3c331039905b19705e42d5194d65cbb9a1d3040be84636db14ff79eea963c204c

  • SSDEEP

    393216:LD1rmILrAI3XmgJyL/s2jeUaUXtnseecncyeaGNjRtP7J/2g:n1rTvBXmUwljCebcyfGzl9

Score
7/10
themida

Malware Config

Signatures

  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KAKEInjector.exe
    "C:\Users\Admin\AppData\Local\Temp\KAKEInjector.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3820
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\KAKEInjector.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3732
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\KAKEInjector.exe" MD5
        3⤵
          PID:2824
        • C:\Windows\system32\find.exe
          find /i /v "md5"
          3⤵
            PID:3548
          • C:\Windows\system32\find.exe
            find /i /v "certutil"
            3⤵
              PID:2104

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3820-0-0x00007FF7422ED000-0x00007FF742E24000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/3820-1-0x00007FFB72AD0000-0x00007FFB72AD2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3820-2-0x00007FFB72AE0000-0x00007FFB72AE2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3820-3-0x00007FF742240000-0x00007FF743BA8000-memory.dmp

          Filesize

          25.4MB

          Download

        • memory/3820-7-0x00007FF7422ED000-0x00007FF742E24000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/3820-8-0x00007FF742240000-0x00007FF743BA8000-memory.dmp

          Filesize

          25.4MB

          Download