Overview

overview

5

Static

static

3

AddOn/Main...On.dll

windows10-2004-x64

1

Documents/KxRun.exe

windows10-2004-x64

3

Documents/...DE.pdf

windows10-2004-x64

1

Documents/...EN.pdf

windows10-2004-x64

1

Documents/...ES.pdf

windows10-2004-x64

1

Documents/...FR.pdf

windows10-2004-x64

1

Documents/...IT.pdf

windows10-2004-x64

1

Documents/...JA.pdf

windows10-2004-x64

1

Documents/...NL.pdf

windows10-2004-x64

1

Documents/...PT.pdf

windows10-2004-x64

1

Documents/...RU.pdf

windows10-2004-x64

1

KMNV.dll

windows10-2004-x64

1

KNV LA/License_DE.rtf

windows10-2004-x64

1

KNV LA/License_EN.rtf

windows10-2004-x64

1

KNV LA/License_ES.rtf

windows10-2004-x64

1

KNV LA/License_FR.rtf

windows10-2004-x64

1

KNV LA/License_IT.rtf

windows10-2004-x64

1

KNV LA/License_JA.rtf

windows10-2004-x64

1

KNV LA/License_KO.rtf

windows10-2004-x64

1

KNV LA/License_NL.rtf

windows10-2004-x64

1

KNV LA/Lic...BR.rtf

windows10-2004-x64

1

KNV LA/License_RU.rtf

windows10-2004-x64

1

KNV LA/Lic...CH.rtf

windows10-2004-x64

1

KNV LA/Lic...CH.rtf

windows10-2004-x64

1

KNV/Netviewer.exe

windows10-2004-x64

3

KmInst32.exe

windows10-2004-x64

1

KmInst64.exe

windows10-2004-x64

1

KmInstall.exe

windows10-2004-x64

5

Readme.html

windows10-2004-x64

1

Readme_j.html

windows10-2004-x64

1

Setup.exe

windows10-2004-x64

1

support/Setup.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    449s
  • max time network
    489s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2024, 18:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    support/Setup.exe

  • Size

    729KB

  • MD5

    cb08d2324d119294865bf9364945b4ea

  • SHA1

    8ce3570f4c2022eb2f8eac3ffc9461396c27ff29

  • SHA256

    7b9849e77e316f051a0290b5d14629b776dd15d9dcf1ce0ad10d4cc21079dd8e

  • SHA512

    3c22ddc0ce21eafa4cab79f13cfbffbd950a1155308efc9217198980cf117a770e66ced5256cb9e762c56471c95b1ff8325b99ef52725cb6fc5f99887d2cb55b

  • SSDEEP

    12288:9Uc4qkHijwsVeWPehCdsYmoVanxf+yvAr4JQh:9Uc4pGwsPPe33oKbvuHh

Score
5/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\support\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\support\Setup.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    PID:1708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads