34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe
Size

50KB
MD5

cc2f99f534bed7b4338723119be4a546
SHA1

d07848b7cde8a815ef558f170206581b89c91ccc
SHA256

34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38
SHA512

85542775a3c8e23d0dcd9e0fa4751a073e53ebd2b7026faca497bdabc5b8b95a045f17e193b5f3ea2868ee337a9e081e2381e277bab927daf72fc8f3c109e558
SSDEEP

768:Cv7RBmwSG/Lr9dwqoKlV1eqrEXqVnzbgOeZh4hSdWUAohfjiT5edip:CvlCGjrZRlV1eCE6uJZh4hq0qfWT5M4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2152	kkaaya.exe

Loads dropped DLL 1 IoCs

pid	Process
2152	kkaaya.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\hra8.dll	kkaaya.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\kkaaya.exe	34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe
File opened for modification	C:\Windows\kkaaya.exe	34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	kkaaya.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	kkaaya.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1996	34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe

C:\Users\Admin\AppData\Local\Temp\34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe
"C:\Users\Admin\AppData\Local\Temp\34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: RenamesItself
PID:1996

C:\Windows\kkaaya.exe
C:\Windows\kkaaya.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Checks processor information in registry
PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\hra8.dll

Filesize
12KB

MD5
de61de242b5500304af17e4661100ea5

SHA1
ed6c1fce0696ce100a93f2d3cea83a0475947e4f

SHA256
3c373fde7222d1e3c5a13339d37f3b5752374210ae09974b4f17baa261c3b9a5

SHA512
b393464bfd694bb314cf9c8f3d19ab6750cc65d9e3506c1b91a8658a227e9f8614b1f65b8eaa7b7e844d7308b450e690627e3eb1a8101ca80917c62233d1473f

Download Submit
C:\Windows\kkaaya.exe

Filesize
50KB

MD5
cc2f99f534bed7b4338723119be4a546

SHA1
d07848b7cde8a815ef558f170206581b89c91ccc

SHA256
34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38

SHA512
85542775a3c8e23d0dcd9e0fa4751a073e53ebd2b7026faca497bdabc5b8b95a045f17e193b5f3ea2868ee337a9e081e2381e277bab927daf72fc8f3c109e558

Download Submit
memory/1996-2-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download