Analysis
max time kernel: 146s
max time network: 149s
platform: windows11-21h2_x64
resource: win11-20240704-en
resource tags: arch:x64, arch:x86, image:win11-20240704-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 09-07-2024 06:09
Behavioral task: behavioral1
Sample: Kurome.Builder/Kurome.Builder.exe
Resource: win11-20240704-en

Behavioral task: behavioral2
Sample: Kurome.Host/Kurome.Host.exe
Resource: win11-20240704-en

Behavioral task: behavioral3
Sample: Kurome.Loader/Kurome.Loader.exe
Resource: win11-20240704-en

Behavioral task: behavioral4
Sample: Panel/RedLine_20_2/Panel/Panel.exe
Resource: win11-20240704-en
General
Target: Kurome.Loader/Kurome.Loader.exe
Size: 2.2MB
MD5: a3ec05d5872f45528bbd05aeecf0a4ba
SHA1: 68486279c63457b0579d86cd44dd65279f22d36f
SHA256: d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e
SHA512: b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e
SSDEEP: 49152:KSmo0SdsEoRykUuulqasMwMcdZa9FHeXXGFr3sylP2/BQ7MWV:lm7UQRyksl9cXwFHeX2t8y21
Malware Config
Signatures
Drops file in Windows directory (1 IoC)
Processes: Kurome.Loader.exe
description: File created
ioc: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
process: Kurome.Loader.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes: Kurome.Loader.exe
description: Token: SeDebugPrivilege
pid: 3700
process: Kurome.Loader.exe