Analysis

max time kernel: 119s
max time network: 119s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 23-05-2024 01:52
Static task: static1

Behavioral task: behavioral1
  Sample: Kainite Cleaner.exe
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: Kainite Cleaner.exe
  Resource: win10v2004-20240426-en
General

Target: Kainite Cleaner.exe
Size: 1.6MB
MD5: 66ddcfdd8382e64005d237d90cebfaa5
SHA1: 801309778151e2ae47c67fc0e895a7cc6454f14f
SHA256: ae4ec7df6579c694aaf345c18f3f0bf512d4f81bb9ffe3f0e79237c6c012d59b
SHA512: 4397850faf768a27816defa1ace98594d76cd858170f783665848dd017b15f64d24db577487243dda09115fd07e28361614e5be27240399e9592842795a1725b
SSDEEP: 49152:lesTOB4ynYygOvXsMruROZyUpWvWOLZkOR:
Malware Config

Signatures

Drops file in Windows directory (1 IoC)
  File created: C:\Windows\debug\fn.bat, by Kainite Cleaner.exe

Suspicious use of WriteProcessMemory (6 IoCs)
  PID 2944 (Kainite Cleaner.exe) wrote to memory of PID 2648 (cmd.exe), 3 times
  PID 2944 (Kainite Cleaner.exe) wrote to memory of PID 2752 (cmd.exe), 3 times
Processes

[1] C:\Users\Admin\AppData\Local\Temp\Kainite Cleaner.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Kainite Cleaner.exe"
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    [2] C:\Windows\system32\cmd.exe
        Command line: C:\Windows\system32\cmd.exe /c cls
    [2] C:\Windows\system32\cmd.exe
        Command line: cmd /c C:\Windows\debug\fn.bat
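The process tree is the whole story the sandbox recorded: the 1.6MB executable drops a 1.5MB batch file into C:\Windows\debug, clears the console with cmd /c cls, and then runs the batch file through a second cmd.exe. The script below is an added example (not part of the sandbox report and not code from the sample) that turns the two Signatures above into triage checks: whether a file dropped under C:\Windows is executed by a later process, and whether the WriteProcessMemory IoCs point at the writer's own freshly spawned children (what ordinary process creation looks like under a sandbox hook, and weak evidence on its own) or at an unrelated process (the case worth chasing for injection). The process and event records are transcribed from the report; the field names, the event-list shapes and the rating labels are the script's own assumptions, not a sandbox export format.

```python
"""Triage helper for a sandbox process tree like the one above.

Added example; it is not part of the sandbox report and not code from the
sample. The records below are transcribed by hand from the report's
Processes and Signatures sections; the field names and the event-list
shapes are this script's own convention, not a sandbox export format.
"""
import re

# Constructed from the report: PIDs, images and command lines as listed.
PROCESSES = [
    {"pid": 2944, "ppid": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\Kainite Cleaner.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Kainite Cleaner.exe"'},
    {"pid": 2648, "ppid": 2944, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c cls"},
    {"pid": 2752, "ppid": 2944, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"cmd /c C:\Windows\debug\fn.bat"},
]
# "Drops file in Windows directory", one IoC.
FILE_EVENTS = [{"pid": 2944, "op": "create", "path": r"C:\Windows\debug\fn.bat"}]
# "Suspicious use of WriteProcessMemory", six IoCs: (writer pid, target pid).
WPM_EVENTS = [(2944, 2648)] * 3 + [(2944, 2752)] * 3

WINDOWS_DIR = r"C:\Windows"


def _under(path, directory):
    """Case-insensitive 'path is inside directory' for Windows paths."""
    p, d = path.lower(), directory.lower().rstrip("\\")
    return p.startswith(d + "\\")


def _mentions(cmdline, path):
    """True when a command line names the given path as a whole token."""
    return re.search(re.escape(path.lower()) + r'(?=["\s]|$)', cmdline.lower()) is not None


def dropped_and_executed(processes, file_events):
    """Link files dropped under C:\\Windows to processes whose command line runs them.

    Returns [(dropper_pid, path, executor_pid, executor_cmdline)]. Ordering is
    not checked because the sandbox listing carries no timestamps.
    """
    hits = []
    for ev in file_events:
        if ev["op"] != "create" or not _under(ev["path"], WINDOWS_DIR):
            continue
        for proc in processes:
            if _mentions(proc["cmdline"], ev["path"]):
                hits.append((ev["pid"], ev["path"], proc["pid"], proc["cmdline"]))
    return hits


def classify_memory_writes(processes, wpm_events):
    """Group WriteProcessMemory IoCs by target and rate the writer/target pair.

    A parent writing a handful of times into a child it has just spawned is
    what ordinary process creation looks like under a sandbox hook, so that
    pair is rated "child-of-writer". A write into a process the writer did not
    create is rated "cross-process". Returns {target_pid: {...}}.
    """
    parent_of = {p["pid"]: p["ppid"] for p in processes}
    summary = {}
    for writer, target in wpm_events:
        entry = summary.setdefault(target, {"writer": writer, "count": 0})
        entry["count"] += 1
        entry["rating"] = ("child-of-writer" if parent_of.get(target) == writer
                           else "cross-process")
    return summary


def triage(processes, file_events, wpm_events):
    """Return human-readable findings for the analyst, drop-and-execute first."""
    findings = []
    for dropper, path, executor, cmd in dropped_and_executed(processes, file_events):
        findings.append(f"PID {dropper} dropped {path}; PID {executor} runs it: {cmd}")
    for target, info in classify_memory_writes(processes, wpm_events).items():
        if info["rating"] == "cross-process":
            findings.append(f"PID {info['writer']} wrote into unrelated PID {target} "
                            f"{info['count']}x (possible injection)")
        else:
            findings.append(f"PID {info['writer']} wrote into its child PID {target} "
                            f"{info['count']}x (consistent with process creation)")
    return findings


if __name__ == "__main__":
    for line in triage(PROCESSES, FILE_EVENTS, WPM_EVENTS):
        print(line)
```

Run as-is it reports the drop-and-execute chain for fn.bat and rates both sets of memory writes as writes into the writer's own children; feed it a (writer, target) pair where the target is not a child of the writer and the same pair is rated cross-process. The file-path match requires the dropped path to appear as a whole token in the command line, so a batch file run by a renamed copy or via a short path would not be caught by this check.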
Network
MITRE ATT&CK Matrix
Downloads

C:\Windows\debug\fn.bat
Filesize: 1.5MB
MD5: f3d83ab1a34871110ad70f447472c3ed
SHA1: b08b8d9e133bf5fe6f94094c41e5a005b8fff658
SHA256: 276a2b7a04c9d0934ccb9013b369039b3582ba6d4b2a3004c12e72d9534b71ed
SHA512: 9ee484d6b7d32e7e13b5a970cbed26f864183dacf298f34fe25d709f58c4a877b996bb3bea6575b31c282728babf83090da0a9d3420a357393362fb8cd0c1878