d7d47aa5796cad499374b284e865f715e7496efca16566add1c3a505730259de

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kk_setup_game_10_1.exe
Size

7.2MB
MD5

8d2d8b15b7e189f9c6bd824f10f5cf25
SHA1

20806d79188ace4a37f027803ca489065d70e42e
SHA256

26fd98df14e64e47b3f93f672f23844d201021b3481f9f712f7fb873677cf1cd
SHA512

0d0a4adce186e9dc3a11fb1ad53d374aee2d0366233004b476a6a57836102036bbccc7e6b773d6c69bf75cc6580ef23ad2fbd064b19b1d78364f5f74d5d014c9
SSDEEP

196608:QLbtHcRN4lBmt0LqWoxkGS4P6RJF3E/8/5:QftHcb4lVqNDS4PMJFLB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2512	kkdownload.exe

Loads dropped DLL 7 IoCs

pid	Process
1252	kk_setup_game_10_1.exe
1252	kk_setup_game_10_1.exe
1252	kk_setup_game_10_1.exe
1252	kk_setup_game_10_1.exe
1252	kk_setup_game_10_1.exe
2512	kkdownload.exe
1252	kk_setup_game_10_1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1252	kk_setup_game_10_1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2512	1252	kk_setup_game_10_1.exe	28
PID 1252 wrote to memory of 2512	1252	kk_setup_game_10_1.exe	28
PID 1252 wrote to memory of 2512	1252	kk_setup_game_10_1.exe	28
PID 1252 wrote to memory of 2512	1252	kk_setup_game_10_1.exe	28

C:\Users\Admin\AppData\Local\Temp\kk_setup_game_10_1.exe
"C:\Users\Admin\AppData\Local\Temp\kk_setup_game_10_1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1252
- C:\ProgramData\KuaiKuai\KKGame\download\kkdownload.exe
  "C:\ProgramData\KuaiKuai\KKGame\download\kkdownload.exe" /getinfo
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\KuaiKuai\KKGame\download\libcurl.dll

Filesize
260KB

MD5
36fb612db1972a04c0d47b73131e4df7

SHA1
449a6f790508f67691a84e085e9c511c5e561fbf

SHA256
9cadf15983c728391f6a19c41c7d3088b31f7cdd0db5811dfa4a4ad9e409d2cc

SHA512
e3bc4f2e9316275d75baf1058ec24705ab25a7478fe8810224e80d4d9ec73ea952435cb61401e62711c4e6406ef6c7596abeb38087f9ff32fd82068504385909

Download Submit
\ProgramData\KuaiKuai\KKGame\download\kkdownload.exe

Filesize
458KB

MD5
1f293163f3aad1ea2991b0617a4d2c98

SHA1
52a6a9b55bd06ab7cde20348b1b30e1a52e74827

SHA256
0cc64dbdfccd817d12aca859a56619b18f65551f5a2df9cda56650bc25548c31

SHA512
44fc0d2aeb15ba15baeb92bbb3a7fb8511b106413a2afbdc6088656d1bbce14e2a7765110ba8602cbc914a10bbf8b1c959f3f6f84a9c0349cdb3152097d9a9ea

Download Submit
\Users\Admin\AppData\Local\Temp\nst5505.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
\Users\Admin\AppData\Local\Temp\nst5505.tmp\kknsisplugin.dll

Filesize
82KB

MD5
01e75126c5c30022f4561daf30cc029d

SHA1
8494d4147ed1f778d4c02cb0a9bd31a3112a04dc

SHA256
238e7599426e74a5e1f1177c995bfc7bc085ec7f0fe2079e7882db4392e9b4ea

SHA512
09396d49c3aad21b2b541c6823b2be963a5305805eb4d1b46f4c34a635e8025223101c25b8f5c4e12f752f7de527367c6cca2c6c87ce646f5a37d035f16bdc6b

Download Submit
\Users\Admin\AppData\Local\Temp\nst5505.tmp\nsDialogs.dll

Filesize
9KB

MD5
ab73c0c2a23f913eabdc4cb24b75cbad

SHA1
6569d2863d54c88dcf57c843fc310f6d9571a41e

SHA256
3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457

SHA512
99d287b5152944f64edc7ce8f3ebcd294699e54a5b42ac7a88e27dff8a68278a5429f4d299802ee7ddbe290f1e3b6a372a5f3bb4ecb1a3c32e384bca3ccdb2b8

Download Submit