Overview

overview

3

Static

static

3

34b5d6ab97...18.exe

windows7-x64

3

34b5d6ab97...18.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDIR/tg.dll

windows7-x64

3

$PLUGINSDIR/tg.dll

windows10-2004-x64

3

KfeIE.exe

windows7-x64

3

KfeIE.exe

windows10-2004-x64

3

KfeUpdate.exe

windows7-x64

KfeUpdate.exe

windows10-2004-x64

kfeServer.exe

windows7-x64

1

kfeServer.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-07-2024 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KfeIE.exe

  • Size

    1.9MB

  • MD5

    c598bccf058b9042b6205dbf8b2e08a9

  • SHA1

    eaa4c343178f337fd448147fe298ca9eaedef5d8

  • SHA256

    815172e63afc1282c4d288072d68b3ef297b768f257b34ab4d6e3b89a0064b81

  • SHA512

    4b0ce03c9a9c63cb92ab84e750a05219628ff8b29cb4ad6f778f6111278e11eae2ae9be4e6b41150e0be3376071b4ab5856d6292f830bfc4811432085f7291c5

  • SSDEEP

    24576:+ZLa/ZeNyaSjLThvpXrbY2IBKaf3AbjXQD3J9MTDrt5m5bYEWQEnagqUZIHy8t:+ZIh1QXsXQD3TMTDrt5r5altHyC

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KfeIE.exe
    "C:\Users\Admin\AppData\Local\Temp\KfeIE.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\KfeExplorer\Cache\TypedURLs.dat
    Filesize

    147B

    MD5

    bbc6f1568fffa6bff40f21617da7c04f

    SHA1

    a21ee06d7715001b9109013a36ef2e81176eb7ae

    SHA256

    d171dfeb0067b0b53c0c61e986ef7b84dc681b35c3090efef43d66d9a0b1849e

    SHA512

    118d9b501c77a373ff6693df6aa55953112882229fd660b58b11071fc1bb506fc5b03b580638af727204d01f549a58df37b107e125ce9888cb153d0c20a75f2a

    Download Submit

  • memory/4852-0-0x0000000002510000-0x0000000002511000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4852-9-0x0000000002560000-0x0000000002561000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4852-10-0x0000000000400000-0x00000000005F5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4852-12-0x0000000002510000-0x0000000002511000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4852-19-0x0000000000400000-0x00000000005F5000-memory.dmp

    Filesize

    2.0MB

    Download