ced2b48ca2870182bc3ae1af0a4d6f4da454c1bef1f8bd1749a6dd6bc089d093

Analysis

max time kernel
146s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
09-07-2024 06:09

Target

Kurome.Loader/Kurome.Loader.exe
Size

2.2MB
MD5

a3ec05d5872f45528bbd05aeecf0a4ba
SHA1

68486279c63457b0579d86cd44dd65279f22d36f
SHA256

d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e
SHA512

b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e
SSDEEP

49152:KSmo0SdsEoRykUuulqasMwMcdZa9FHeXXGFr3sylP2/BQ7MWV:lm7UQRyksl9cXwFHeX2t8y21

Score

4^/10

Drops file in Windows directory 1 IoCs

Processes:

Kurome.Loader.exe

description ioc process

File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll Kurome.Loader.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Kurome.Loader.exe

description pid process

Token: SeDebugPrivilege 3700 Kurome.Loader.exe

description	ioc	process
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll	Kurome.Loader.exe

description	pid	process
Token: SeDebugPrivilege	3700	Kurome.Loader.exe

memory/3700-0-0x000000007504E000-0x000000007504F000-memory.dmp

Filesize
4KB

Download
memory/3700-1-0x00000000009E0000-0x0000000000C16000-memory.dmp

Filesize
2.2MB

Download
memory/3700-2-0x0000000075040000-0x00000000757F1000-memory.dmp

Filesize
7.7MB

Download
memory/3700-3-0x0000000075040000-0x00000000757F1000-memory.dmp

Filesize
7.7MB

Download
memory/3700-4-0x0000000007D40000-0x0000000008350000-memory.dmp

Filesize
6.1MB

Download
memory/3700-6-0x000000007504E000-0x000000007504F000-memory.dmp

Filesize
4KB

Download
memory/3700-7-0x0000000075040000-0x00000000757F1000-memory.dmp

Filesize
7.7MB

Download