ae4ec7df6579c694aaf345c18f3f0bf512d4f81bb9ffe3f0e79237c6c012d59b | Triage

Analysis

max time kernel
134s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:52

Sharing

Report Analysis Logs

General

Target

Kainite Cleaner.exe
Size

1.6MB
MD5

66ddcfdd8382e64005d237d90cebfaa5
SHA1

801309778151e2ae47c67fc0e895a7cc6454f14f
SHA256

ae4ec7df6579c694aaf345c18f3f0bf512d4f81bb9ffe3f0e79237c6c012d59b
SHA512

4397850faf768a27816defa1ace98594d76cd858170f783665848dd017b15f64d24db577487243dda09115fd07e28361614e5be27240399e9592842795a1725b
SSDEEP

49152:lesTOB4ynYygOvXsMruROZyUpWvWOLZkOR:

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

Kainite Cleaner.exe

description ioc process

File created C:\Windows\debug\fn.bat Kainite Cleaner.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Kainite Cleaner.exe

description	pid	process	target process
PID 920 wrote to memory of 1440	920	Kainite Cleaner.exe	cmd.exe
PID 920 wrote to memory of 1440	920	Kainite Cleaner.exe	cmd.exe
PID 920 wrote to memory of 2548	920	Kainite Cleaner.exe	cmd.exe
PID 920 wrote to memory of 2548	920	Kainite Cleaner.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\Kainite Cleaner.exe
"C:\Users\Admin\AppData\Local\Temp\Kainite Cleaner.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
2⤵
PID:1440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\debug\fn.bat
2⤵
PID:2548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\debug\fn.bat
Filesize
1.5MB

MD5
f3d83ab1a34871110ad70f447472c3ed

SHA1
b08b8d9e133bf5fe6f94094c41e5a005b8fff658

SHA256
276a2b7a04c9d0934ccb9013b369039b3582ba6d4b2a3004c12e72d9534b71ed

SHA512
9ee484d6b7d32e7e13b5a970cbed26f864183dacf298f34fe25d709f58c4a877b996bb3bea6575b31c282728babf83090da0a9d3420a357393362fb8cd0c1878

Download Submit