Analysis
max time kernel: 50s
max time network: 39s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 26/05/2024, 02:32
Behavioral task: behavioral1
Sample: Karma/Karma.exe
Resource: win10-20240404-en
6 signatures, 150 seconds

Behavioral task: behavioral2
Sample: Karma/main.exe
Resource: win10-20240404-en
2 signatures, 150 seconds
General
Target: Karma/Karma.exe
Size: 17.8MB
MD5: c7cdc36aa916c21f66150d399e92d40b
SHA1: 32d2239a4a3cc2d3964a9500c6c8bfc3e57ada4a
SHA256: 7b61415cdf55c6ff24eb2417af54c9b247743dd92603eb9a889561181e01a884
SHA512: f1f58f821169131e5cfd33c15baa73f1613d083932239aa90381113170f065cf54fbe9f312fabbc592670b846eeca7f844f60262b5896ad855f4e65226786515
SSDEEP: 393216:1Nyz+pPwtWw6jSvBi/fhW1ribMgSS0fUMCnB0rF+GbW5KDcL:bg+pPw4w6jSvBli4PBrFtkKE
Score: 7/10
Malware Config
Signatures
resource / yara_rule:
behavioral1/memory/3080-9-0x0000000140000000-0x000000014212C000-memory.dmp  upx
behavioral1/memory/3080-12-0x0000000140000000-0x000000014212C000-memory.dmp  upx
behavioral1/memory/3080-14-0x0000000140000000-0x000000014212C000-memory.dmp  upx

Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
pid / Process: 3080 Karma.exe

Suspicious behavior: EnumeratesProcesses (18 IoCs)
pid / Process: 3080 Karma.exe (all 18 IoCs from this process)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid / Process: 3080 Karma.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
description / pid / Process: Token: SeDebugPrivilege, 3080 Karma.exe

Suspicious use of SetWindowsHookEx (1 IoC)
pid / Process: 3080 Karma.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Karma\Karma.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\Karma\Karma.exe"
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID: 3080