dd14793ef07cb6f73ead351e97aa7789629129501cc1f50a365e402ea937ae9a

Analysis

max time kernel
844s
max time network
847s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hit sync the kryhon‮4pm.exe
Size

75.0MB
MD5

2f26151ebf3a3804c239998fa482621d
SHA1

a10a1161ed337a069cf02dac22a2952dfe46bc81
SHA256

dd14793ef07cb6f73ead351e97aa7789629129501cc1f50a365e402ea937ae9a
SHA512

cce3e9775657f5b2d21738c99ffeed6f89f25baa383aa0e5ec6ce951d33791178c3c87c22988ee9407f347316007cb36ccb7ab9744fb26335bd294c623a206dc
SSDEEP

1572864:W12PFEnLoJ+jO2hMNml/KUTG5JsMA9H4W1QULyBuxVxLjjJdp8joQ:WcPFE763UWsMA9H4W1QUmBu/NjjKoQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2944	pols.scr
2444	Jump King 3D game.exe
3016	Jump King 3D game.exe
1212	Process not Found

Loads dropped DLL 6 IoCs

pid	Process
1460	hit sync the kryhon‮4pm.exe
1460	hit sync the kryhon‮4pm.exe
1460	hit sync the kryhon‮4pm.exe
2944	pols.scr
2444	Jump King 3D game.exe
3016	Jump King 3D game.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1448	DllHost.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 2944	1460	hit sync the kryhon‮4pm.exe	29
PID 1460 wrote to memory of 2944	1460	hit sync the kryhon‮4pm.exe	29
PID 1460 wrote to memory of 2944	1460	hit sync the kryhon‮4pm.exe	29
PID 1460 wrote to memory of 2944	1460	hit sync the kryhon‮4pm.exe	29
PID 2944 wrote to memory of 2444	2944	pols.scr	30
PID 2944 wrote to memory of 2444	2944	pols.scr	30
PID 2944 wrote to memory of 2444	2944	pols.scr	30
PID 2944 wrote to memory of 2444	2944	pols.scr	30
PID 2444 wrote to memory of 3016	2444	Jump King 3D game.exe	31
PID 2444 wrote to memory of 3016	2444	Jump King 3D game.exe	31
PID 2444 wrote to memory of 3016	2444	Jump King 3D game.exe	31

C:\Users\Admin\AppData\Local\Temp\hit sync the kryhon‮4pm.exe
"C:\Users\Admin\AppData\Local\Temp\hit sync the kryhon‮4pm.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\pols.scr
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\pols.scr" /S
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2944
- - C:\Users\Admin\AppData\Local\Temp\RarSFX1\Jump King 3D game.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX1\Jump King 3D game.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\RarSFX1\Jump King 3D game.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX1\Jump King 3D game.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3016

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:1448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\pobrane.jpg

Filesize
4KB

MD5
40b0521f05b4a10c1840a69c2336117a

SHA1
a1714e0a3f8a9bb5049c36f37af6b03a89d79e15

SHA256
fa9a15ddbd5bf4ab5385a202300571e0319cb35ad50bfd246e1d770d697160d1

SHA512
965ac4394a91c39d29c36c156f845e1084020edebfa579443022a8beb4121ed732afd4f229a47cc12847f788d398d29846b136f6699c0362f13a7823195c951f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\python312.dll

Filesize
6.7MB

MD5
48ebfefa21b480a9b0dbfc3364e1d066

SHA1
b44a3a9b8c585b30897ddc2e4249dfcfd07b700a

SHA256
0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2

SHA512
4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\Africa\Conakry

Filesize
130B

MD5
796a57137d718e4fa3db8ef611f18e61

SHA1
23f0868c618aee82234605f5a0002356042e9349

SHA256
f3e7fcaa0e9840ff4169d3567d8fb5926644848f4963d7acf92320843c5d486e

SHA512
64a8de7d9e2e612a6e9438f2de598b11fecc5252052d92278c96dd6019abe7465e11c995e009dfbc76362080217e9df9091114bdbd1431828842348390cb997b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\Africa\Djibouti

Filesize
191B

MD5
fe54394a3dcf951bad3c293980109dd2

SHA1
4650b524081009959e8487ed97c07a331c13fd2d

SHA256
0783854f52c33ada6b6d2a5d867662f0ae8e15238d2fce7b9ada4f4d319eb466

SHA512
fe4cf1dd66ae0739f1051be91d729efebde5459967bbe41adbdd3330d84d167a7f8db6d4974225cb75e3b2d207480dfb3862f2b1dda717f33b9c11d33dcac418

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\Africa\Kigali

Filesize
131B

MD5
a87061b72790e27d9f155644521d8cce

SHA1
78de9718a513568db02a07447958b30ed9bae879

SHA256
fd4a97368230a89676c987779510a9920fe8d911fa065481536d1048cd0f529e

SHA512
3f071fd343d4e0f5678859c4f7f48c292f8b9a3d62d1075938c160142defd4f0423d8f031c95c48119ac71f160c9b6a02975841d49422b61b542418b8a63e441

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\Africa\Lagos

Filesize
180B

MD5
89de77d185e9a76612bd5f9fb043a9c2

SHA1
0c58600cb28c94c8642dedb01ac1c3ce84ee9acf

SHA256
e5ef1288571cc56c5276ca966e1c8a675c6747726d758ecafe7effce6eca7be4

SHA512
e2fb974fa770639d56edc5f267306be7ee9b00b9b214a06739c0dad0403903d8432e1c7b9d4322a8c9c31bd1faa8083e262f9d851c29562883ca3933e01d018c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\America\Curacao

Filesize
177B

MD5
92d3b867243120ea811c24c038e5b053

SHA1
ade39dfb24b20a67d3ac8cc7f59d364904934174

SHA256
abbe8628dd5487c889db816ce3a5077bbb47f6bafafeb9411d92d6ef2f70ce8d

SHA512
1eee8298dffa70049439884f269f90c0babcc8e94c5ccb595f12c8cfe3ad12d52b2d82a5853d0ff4a0e4d6069458cc1517b7535278b2fdef145e024e3531daad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\America\Toronto

Filesize
1KB

MD5
628174eba2d7050564c54d1370a19ca8

SHA1
e350a7a426e09233cc0af406f5729d0ab888624f

SHA256
ad2d427ab03715175039471b61aa611d4fdf33cfb61f2b15993ec17c401ba1e5

SHA512
e12bf4b9a296b4b2e8288b3f1e8f0f3aeaee52781a21f249708e6b785a48100feab10ac8ba10ac8067e4b84312d3d94ed5878a9bda06c63efe96322f05ebbc6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\Etc\Greenwich

Filesize
111B

MD5
e7577ad74319a942781e7153a97d7690

SHA1
91d9c2bf1cbb44214a808e923469d2153b3f9a3f

SHA256
dc4a07571b10884e4f4f3450c9d1a1cbf4c03ef53d06ed2e4ea152d9eba5d5d7

SHA512
b4bc0ddba238fcab00c99987ea7bd5d5fa15967eceba6a2455ecd1d81679b4c76182b5a9e10c004b55dc98abc68ce0912d4f42547b24a22b0f5f0f90117e2b55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\Europe\London

Filesize
1KB

MD5
d111147703d04769072d1b824d0ddc0c

SHA1
0c99c01cad245400194d78f9023bd92ee511fbb1

SHA256
676541f0b8ad457c744c093f807589adcad909e3fd03f901787d08786eedbd33

SHA512
21502d194dfd89ac66f3df6610cb7725936f69faafb6597d4c22cec9d5e40965d05dd7111de9089bc119ec2b701fea664d3cb291b20ae04d59bcbd79e681d07a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\Europe\Oslo

Filesize
705B

MD5
2577d6d2ba90616ca47c8ee8d9fbca20

SHA1
e8f7079796d21c70589f90d7682f730ed236afd4

SHA256
a7fd9932d785d4d690900b834c3563c1810c1cf2e01711bcc0926af6c0767cb7

SHA512
f228ca1ef2756f955566513d7480d779b10b74a8780f2c3f1768730a1a9ae54c5ac44890d0690b59df70c4194a414f276f59bb29389f6fa29719cb06cb946ceb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\Europe\Skopje

Filesize
478B

MD5
a4ac1780d547f4e4c41cab4c6cf1d76d

SHA1
9033138c20102912b7078149abc940ea83268587

SHA256
a8c964f3eaa7a209d9a650fb16c68c003e9a5fc62ffbbb10fa849d54fb3662d6

SHA512
7fd5c4598f9d61a3888b4831b0c256ac8c07a5ae28123f969549ae3085a77fece562a09805c44eab7973765d850f6c58f9fcf42582bdd7fd0cdba6cd3d432469

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\PRC

Filesize
393B

MD5
dff9cd919f10d25842d1381cdff9f7f7

SHA1
2aa2d896e8dde7bc74cb502cd8bff5a2a19b511f

SHA256
bf8b7ed82fe6e63e6d98f8cea934eeac901cd16aba85eb5755ce3f8b4289ea8a

SHA512
c6f4ef7e4961d9f5ae353a5a54d5263fea784255884f7c18728e05806d7c80247a2af5d9999d805f40b0cc86a580a3e2e81135fdd49d62876a15e1ab50e148b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\Pacific\Wallis

Filesize
134B

MD5
ba8d62a6ed66f462087e00ad76f7354d

SHA1
584a5063b3f9c2c1159cebea8ea2813e105f3173

SHA256
09035620bd831697a3e9072f82de34cfca5e912d50c8da547739aa2f28fb6d8e

SHA512
9c5dba4f7c71d5c753895cbfdb01e18b9195f7aad971948eb8e8817b7aca9b7531ca250cdce0e01a5b97ba42c1c9049fd93a2f1ed886ef9779a54babd969f761

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\Pacific\Yap

Filesize
154B

MD5
bcf8aa818432d7ae244087c7306bcb23

SHA1
5a91d56826d9fc9bc84c408c581a12127690ed11

SHA256
683001055b6ef9dc9d88734e0eddd1782f1c3643b7c13a75e9cf8e9052006e19

SHA512
d5721c5bf8e1df68fbe2c83bb5cd1edea331f8be7f2a7ef7a6c45f1c656857f2f981adb2c82d8b380c88b1ddea6abb20d692c45403f9562448908637d70fa221

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24442\tzdata\zoneinfo\UCT

Filesize
111B

MD5
51d8a0e68892ebf0854a1b4250ffb26b

SHA1
b3ea2db080cd92273d70a8795d1f6378ac1d2b74

SHA256
fddce1e648a1732ac29afd9a16151b2973cdf082e7ec0c690f7e42be6b598b93

SHA512
4d0def0cd33012754835b27078d64141503c8762e7fb0f74ac669b8e2768deeba14900feef6174f65b1c3dd2ea0ce9a73bba499275c1c75bcae91cd266262b78

Download Submit
memory/1448-6-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1448-5-0x00000000000B0000-0x00000000000B2000-memory.dmp

Filesize
8KB

Download
memory/1448-4560-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1460-4-0x0000000000DD0000-0x0000000000DD2000-memory.dmp

Filesize
8KB

Download