06c97ce5947a4060370086fdebc3d47139c16dda242e58a843c4fc88edaf260a

Analysis

max time kernel
1791s
max time network
1172s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
09/06/2024, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KeyGen.exe
Size

973KB
MD5

9431c78e394ab96709349391dda60aeb
SHA1

dfc15a782c3abcfbbf15ddd31f628305ac5fe620
SHA256

06c97ce5947a4060370086fdebc3d47139c16dda242e58a843c4fc88edaf260a
SHA512

7befe803d2a588b3fafb46178dfcacd989ee0b8759d3462171c975a8fc800371741e1a030089afd9b099b2723200089ceb37edc47bb904baecceb32ccee52f1f
SSDEEP

24576:8a8xnH98GXpOIjuICWYRm2ufCyZtqNcGqRoyDEJ:YxnHmGXQICImRm2gqSG5yAJ

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2840	KeyGen.exe
2840	KeyGen.exe
2840	KeyGen.exe
2840	KeyGen.exe
2840	KeyGen.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2840-2-0x0000000063000000-0x00000000631C2000-memory.dmp	upx
behavioral1/memory/2840-4-0x0000000063000000-0x00000000631C2000-memory.dmp	upx
behavioral1/memory/2840-3-0x0000000063000000-0x00000000631C2000-memory.dmp	upx
behavioral1/memory/2840-1-0x0000000063000000-0x00000000631C2000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1480	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1480	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\KeyGen.exe
"C:\Users\Admin\AppData\Local\Temp\KeyGen.exe"
1⤵
- Loads dropped DLL
PID:2840

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VESojxFbQShSCPSAEFla.DLL

Filesize
35KB

MD5
76a9565c5f51775719eebda1f25530a5

SHA1
332feae4dba6b4a93bebea7a881a0fa758891091

SHA256
a1a7c4f74d4fe7784ed03709e5f946b94cc10a64e3ae0ad5a9a3bece9a8a2c0a

SHA512
79c9af704d1626cad9d44470585baf8d5f082b5d77c285fc6ae4862e99439f838fe9b1e745f8f2487fa64d5d7304954f66d0cef222db4dc9095a7294172094e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\hOjyCuekpDJvgmwWHtFX.DLL

Filesize
12KB

MD5
e6144fb36c1fdc6ba1d1afa9632588f8

SHA1
c4964264c6600fde210a644b639e2ea25ecb67e6

SHA256
b141412d0611571df381c26186b3fc438c725d6e45ad66fd76413322c17a9ac6

SHA512
400ca4e2ad987a88429da21d795f7365bd230ed4225e19b7841dcc09606e0afde2f3cc31aa8be4ee83dd3c6b0339cb2c13953523bdc8d2f547d953c6c6c8d339

Download Submit
C:\Users\Admin\AppData\Local\Temp\kFtXOkxfmq.DLL

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
memory/2840-0-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-2-0x0000000063000000-0x00000000631C2000-memory.dmp

Filesize
1.8MB

Download
memory/2840-4-0x0000000063000000-0x00000000631C2000-memory.dmp

Filesize
1.8MB

Download
memory/2840-3-0x0000000063000000-0x00000000631C2000-memory.dmp

Filesize
1.8MB

Download
memory/2840-1-0x0000000063000000-0x00000000631C2000-memory.dmp

Filesize
1.8MB

Download
memory/2840-28-0x0000000002EB2000-0x0000000002EB3000-memory.dmp

Filesize
4KB

Download
memory/2840-27-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-30-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-29-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-32-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-31-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-34-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-33-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-36-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-35-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-38-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-37-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-39-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-40-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-42-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-41-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-44-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-43-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-45-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-46-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-47-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-48-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-50-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-49-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-52-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-51-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-53-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-54-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-56-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-55-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-58-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-57-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-59-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-60-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-62-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-61-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-64-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-63-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-66-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-65-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-68-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-67-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-70-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-69-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-72-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-71-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-74-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-73-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-76-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-75-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-78-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-77-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-80-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-79-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-82-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-81-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-84-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-83-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-86-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-85-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-88-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-87-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2840-90-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

Filesize
76KB

Download
memory/2840-89-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads