4748489a4d692e72996a448b47c7fd465a14080926f7d6fb304240446c9e59af

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 06:14

Target

KRNL-REBORN/KRNL-REBORN/krnlss.exe
Size

13.3MB
MD5

f4e7c776a1782f05a43b037cfac70d15
SHA1

c09e2c11b58555cd047793d26622e0c4ca1ad7b2
SHA256

fe1852241114c26f7fbe3e9279c1031156dbdfbdc6063254e40849b0eb1e42af
SHA512

31fd5000b30256255a24e446a2b79188c69da04799ec4825f573e35bea17456dd0e443bdee4256f4b517d936d597349790f2c0d4b93d0e2d2c12a3f485f9f7f7
SSDEEP

393216:AEkZQND/vCKL2Vmd6m0JJVAzDak/ikzndpzl8HhuPpCdiYh:AhQ9X7yVmdYDAvLpfKP8Yh

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2916	krnlss.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2916	2040	krnlss.exe	28
PID 2040 wrote to memory of 2916	2040	krnlss.exe	28
PID 2040 wrote to memory of 2916	2040	krnlss.exe	28

C:\Users\Admin\AppData\Local\Temp\KRNL-REBORN\KRNL-REBORN\krnlss.exe
"C:\Users\Admin\AppData\Local\Temp\KRNL-REBORN\KRNL-REBORN\krnlss.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\KRNL-REBORN\KRNL-REBORN\krnlss.exe
  "C:\Users\Admin\AppData\Local\Temp\KRNL-REBORN\KRNL-REBORN\krnlss.exe"
  2⤵
  - Loads dropped DLL
  PID:2916

C:\Users\Admin\AppData\Local\Temp\_MEI20402\python39.dll

Filesize
4.3MB

MD5
19e6d310c1bd0578d468a888d3ec0e3d

SHA1
32561ad9b89dc9e9a086569780890ad10337e698

SHA256
f4609ec3bbcc74ed9257e3440ec15adf3061f7162a89e4e9a370e1c2273370a1

SHA512
4a8332c22a40a170ea83fc8cfd5b8a0ed0df1d59fd22ebe10088ba0be78cc0e91a537d7085549a4d06204cbe77e83154a812daed885c25aa4b4cb4aca5b9cc85

Download Submit