47f5ce81ce33612610a6efc353a0735a4baf8486a898d7eceadb8a58d2415dfc

Analysis

max time kernel
315s
max time network
320s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kaspersky4win202121.16.6.467ru_45357.exe
Size

4.3MB
MD5

63c9a22c500df9925f2e513ae1091653
SHA1

bc93f45c412173045c0e39cb1b6a622c52669de0
SHA256

47f5ce81ce33612610a6efc353a0735a4baf8486a898d7eceadb8a58d2415dfc
SHA512

1661a5a4bc12b96bd3b769ea7619a1c62ec009a3df74d6f605c9d3741234a37d89acfa05f58223195e6e0537d94294a93773b9d96c05d6536415b9e756b6ba83
SSDEEP

98304:EO/RG67kIN84klIci68xyDC2YmoieSoaSiHFnI6ts3/8:b724kDi6s2YBieS96/8

Score

6^/10

bootkit evasion persistence trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	kaspersky4win202121.16.6.467ru_45357.exe

Downloads MZ/PE file

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	kaspersky4win202121.16.6.467ru_45357.exe

Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\VBoxMiniRdrDN	kaspersky4win202121.16.6.467ru_45357.exe

Executes dropped EXE 1 IoCs

pid	Process
1792	kaspersky4win202121.16.6.467ru_45357.exe

Loads dropped DLL 44 IoCs

pid	Process
2168	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe
1792	kaspersky4win202121.16.6.467ru_45357.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	kaspersky4win202121.16.6.467ru_45357.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	kaspersky4win202121.16.6.467ru_45357.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	kaspersky4win202121.16.6.467ru_45357.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	kaspersky4win202121.16.6.467ru_45357.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	kaspersky4win202121.16.6.467ru_45357.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	kaspersky4win202121.16.6.467ru_45357.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1792	kaspersky4win202121.16.6.467ru_45357.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 1792	2168	kaspersky4win202121.16.6.467ru_45357.exe	31
PID 2168 wrote to memory of 1792	2168	kaspersky4win202121.16.6.467ru_45357.exe	31
PID 2168 wrote to memory of 1792	2168	kaspersky4win202121.16.6.467ru_45357.exe	31
PID 2168 wrote to memory of 1792	2168	kaspersky4win202121.16.6.467ru_45357.exe	31
PID 2168 wrote to memory of 1792	2168	kaspersky4win202121.16.6.467ru_45357.exe	31
PID 2168 wrote to memory of 1792	2168	kaspersky4win202121.16.6.467ru_45357.exe	31
PID 2168 wrote to memory of 1792	2168	kaspersky4win202121.16.6.467ru_45357.exe	31

C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467ru_45357.exe
"C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467ru_45357.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\temp\06E9B44CBCE3FE113BF3EC69443FBBDB\kaspersky4win202121.16.6.467ru_45357.exe
  "C:\Windows\temp\06E9B44CBCE3FE113BF3EC69443FBBDB\kaspersky4win202121.16.6.467ru_45357.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\kaspersky4win202121.16.6.467ru_45357.exe"
  2⤵
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - Checks for VirtualBox DLLs, possible anti-VM trick
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of FindShellTrayWindow
  PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Kaspersky Lab Setup Files\KFA21.16.6.467.0.5.0\kdscrl.rdb

Filesize
3KB

MD5
79a78149e4ef2e6e09cc061338c7b151

SHA1
99505d2461a18f16d4d185603887c60e226347ee

SHA256
e6c0da20fc5d9eda24e4128faa5641f8b2d39951e0a0236c013e1f1efcbf83fd

SHA512
a3baf55b373b943f8f1c8840cdc2f02a94aed436c54fdcb8cf6eeac9b5840a5e1a11be0c70460da0c17f6fda1b01b87f4e2a688abb5ddeb7819301a1354d688e

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.372.0\au_setup_C48F17D3-3ECB-11EF-B33F-CE9644F3BBBD\startup.exe

Filesize
4.3MB

MD5
a423a6a12fe4e5958e22d4382e3e8124

SHA1
e9932b58b88a55c0f958729d909c7425a8d37541

SHA256
e81dc2c3ff23d7ce547c7109a78ed876158f6f92cb684fb6256824f0800c0db9

SHA512
f0e8f6620ae0e8b82d20e1c46c8fc98baf1bc47a3bb5075bfeaa59eeda1ab3a1deefe0c6b6c24201e4cd64dac070b5ad28bf951a7a69e4b3ceb60720d0676994

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e04ceb9ac407526eaec2ae18f15cff26

SHA1
d3fd557ca22b44a79c711c6e60ad2186e003cb1e

SHA256
b439dcd1fe13830e37b2365a92afa4db3d85def7486ef2a02b42461b5e5efcd8

SHA512
cf2fdeae1083b9da50d34a82ae1fb59e1cb208529fb5a174d80cee251655361a35bc664ec142c0b77f8690df349361ba24969e2a93713d132db0b728d3dc782c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
617c449c5083b06a784d8041e26762ec

SHA1
549f523e74ee9a37ffb847577cf0083f1a72e01d

SHA256
9d89f98352c844e55542cc92c0379edc0b11ee97982a370387c355273112add2

SHA512
271e612862f58fd79e58d1ae274c9295206539a21a49536cbc1875f00d65fb72a82a89978b33c56bdd41f37c3340706cf7e45be8a7343210284e0c2f994f5e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\kl.setup.ui.visuals.dll

Filesize
417KB

MD5
5bcc51f3bb85949e37ffc08cf1501f70

SHA1
f2d6067c3084e5c0af33b6e4bb9837b3f05a8f83

SHA256
fdcbe09d8c6ee7681e88bbf7bbcc6c87f089d034e00df6a422c3482f4a99a2bd

SHA512
950d8bf52222c1ba6c5173b3a9385737b4b414a259d72adee921b524b790113f473e00b5961972b19ad5dd2349fc1ba5c7b3541086c5b93a11238992a0e3c8a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE9D4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEA93.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\System.Windows.Interactivity.dll

Filesize
39KB

MD5
3ab57a33a6e3a1476695d5a6e856c06a

SHA1
dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7

SHA256
4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876

SHA512
58dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\kl.setup.ui.core.dll

Filesize
89KB

MD5
78fb3f1e9f69beca863af1ff7713249c

SHA1
65e00f042db34b385d9bfd0100a3b13efd79df5e

SHA256
323aa8d8707a030bf245d6031b7fb439c929a3a24c5621a03276114691e45aac

SHA512
79bcfa36dfb3b1a6e04d06a5d85fce6574831d5684ae55c9e08784ee6a585bde5c649438103d40edd85da3bb8fd1d27b00be16fd421d32502da3587468ee8ced

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\kl.setup.ui.dll

Filesize
279KB

MD5
bb9df6ed16bad5bbcde9b106e11dff6f

SHA1
5a18c06282442a241e42ea45eb636cc77bf7d95c

SHA256
dc5f2821548e5a660fc920224846994da0169972f18a15e04fc9943a6a08f734

SHA512
12d3c0ec2cc0224614cd8dcc81bb0f5610a0b836420628722d3409775f1c186b9d7cadb9a61bf5ce5f5ae1c99fa408ad14900f7f8b83c0b5073180786f9123a6

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\kl.setup.ui.interoplayer.dll

Filesize
56KB

MD5
a54a9d1185edd71b120010d131f0dbea

SHA1
e24ebb90da9840cb2b813bac4409c9525258d864

SHA256
a7d59379fdfa59c21b114b087b16028480f976efa12e3a197fff3729f28f3bb3

SHA512
c16e90afa3c9d49c6fb8af03e027e927c6ae582f28ffd6cbcb79178a47346327bef6ee8791cc0c04643ca7204c964c19c270f6c8609f1225bdcaf7d5f3c94c49

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\kl.ui.framework.dll

Filesize
235KB

MD5
aeb7ba2ce5574025a985313bdde99cfb

SHA1
7e7d4d90a11c317c5d3b5065d47ef4209296cdaa

SHA256
92d7b5ad2e92e72804223e71cde8350ba7f0561e5e1b8c0002ce88e3e88f6ef0

SHA512
bd0aa5b5ac94076d6d6607cf704bcd89cabf43d3f99042fee8b653a0674c315ac9e464f0aef091998152f6b107a47034b541021efaf759bf250f6f99a91ba572

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\kl.ui.framework.localization.dll

Filesize
281KB

MD5
ccf2531b77412b4eb5410888bd3eeb42

SHA1
ccc53ff2ac5b21d2a026b9f3431a016aee08dcb6

SHA256
170a04a3141b1c4f2606c3ba78d687972db6319d85d7a45f59958cc9f1fd05bd

SHA512
6eefd54ed14076cbd391e95817ce53c4bf69bae7d3c6f75f682d8e26f236cb2e4b9153c54fe358e1f833e9661cdc010686a2a5136fa70d77ca7f81cd59e32909

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\kl.ui.framework.uikit.b2c.dll

Filesize
543KB

MD5
fb389c9c3c063163f5609608405f66bc

SHA1
0d2d249335b82941aaa7aeb58947c12cadf04ff8

SHA256
7e97138fe069a260a05bad7beddc31fc54d0909f36728ab0efa761e7580393df

SHA512
c169b1e6fecd432517f58bac541820c4fde5fefd847b9dd4544d290f95334b8fc392b26cd02eebeb30aaddb87885bd35b1f0c46644b1e5b9e9c84115afebf0f7

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\kl.ui.framework.uikit.dll

Filesize
2.5MB

MD5
7076c5eb43353580a88554a458c393dc

SHA1
74d9ec58d4ef5d0a7a69fe6500b47c6873ed87ba

SHA256
294055db0edebad0b62f5690d65c401ff3c859bb2ce913c7840142ea344f0f24

SHA512
81c88f67e55c415a5fe48c07d020069cd494c7eaafb8c79475093121121d7360c9a72e79f9f64c6700f4a90a923ae876064d0a942c2cda3a6914c1b07a218515

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\setup.dll

Filesize
5.6MB

MD5
986033838280c8d36c4fcc14b03caa35

SHA1
ac082f683dbbf4537dccee380b802055b2cf60df

SHA256
42abfb0fd3d1fba8832f5eb2aa0e0d42a10b60f4a033c1b3838668287a4e88d6

SHA512
4245f331953fd6661d75349e229e012fdce8fdf85de5f3666468f9b6198d678292ecd1970a6eb0101c02c3609d2116d7a609b9341509478de1b4e03c9614d65e

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\sharpvectorconverterswpf.dll

Filesize
137KB

MD5
ca5e6167b66c384f62e56fe0e1757af3

SHA1
4d8912deab579d0ad3bfa7477f7377d03260ec1f

SHA256
a9edc78bc8dd9e6ab098c96d2f26949bf8cc7c1f1071c5d96154022dac685979

SHA512
53d2828ea80ba1c9726240859c42deddf3b384bfdc173763804d5c0e59bc531de519720c8f396cba3851768be14ebed5f8f6ed501d2a99055f2abab9c920ce5a

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\sharpvectorcore.dll

Filesize
201KB

MD5
f6004bd10ff1bced912d389a48138323

SHA1
349d4f7bb69dec14ce5051c1ce4d7aaf33ce9ab8

SHA256
fa2c2216181125daaf69ce4c7e2addc9df98e09845a27292b9775ff8d568ac39

SHA512
550af5c8d54f4987a7c05347c9fa21a6cac5817ed410c5f9358bed6d13648c0c55be2426ea3b221f82b635e91f2a2c505f07703ae93392754c870853073536d5

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\sharpvectorcss.dll

Filesize
109KB

MD5
25e40483458b8083eb12d38b6cead136

SHA1
9158642854dcdc9b2610272e181d98526b3547cc

SHA256
1a87d710b34b187f75e9213c95ab5eb129da63906f122035e7badf7044c929c9

SHA512
381ba47f815cfc4fe665913a49f8e53121dcad53c8e63ffc3d61663a2b5db0fc3fb2e3e8784fe5a0fd058ccb0687317c11e01debf4c596795f7cae5fd45dcadb

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\sharpvectordom.dll

Filesize
55KB

MD5
b97a47906b78413d18249eaa15c0933b

SHA1
ccf1951838e20c52cdc440cea34f88101310dbb3

SHA256
5fd8cfbe80ec610463ab092b74e2c22b2651f30dd0660849d09210e70eca7254

SHA512
b490641ca358c270e77e587c5ecff4ad60848384348603d576212e4da133d30087aa32ed11037d19de8f3f6777711255f5a6a9a66ddfa0abb87d893d72619af5

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\sharpvectormodel.dll

Filesize
997KB

MD5
ff09404438a1aaf5bafa792a504e7631

SHA1
7e78ad564aba274bf70c5320e39ae5061b30572a

SHA256
ccf8359d7862330ebb1dd0a5f50b9e12e43b1763ef64cde5417960774d1dcf11

SHA512
8b90210aa69b69b9e4e06a721a444ca9e50bcb87648fffdd2f47f2056ad52c55a2228547c45757a804b3b76ced8bf8899918f5c4a23f2139061bdff1dcf23db5

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\sharpvectorrenderingwpf.dll

Filesize
203KB

MD5
619044935bd3151b6d1fef1e06ce5323

SHA1
f5d5e2b4171465ef022ed85ea7ff1e70c7b2a581

SHA256
5b6dc4ff32972e022a3a457d319ffc756c915b8f9be4fa62a550f2e361aca5f2

SHA512
d5f4cc32d6ccecd4accdb78913badc5190adea1df1e173d5b47ef2c522cadf4d2f198deb25440aa1360c03ba90fe734f3f8a3b63b38e7b7c54b8d3ecaad06cd4

Download Submit
\Users\Admin\AppData\Local\Temp\0D71F84CBCE3FE113BF3EC69443FBBDB\sharpvectorruntimewpf.dll

Filesize
69KB

MD5
cef0c0a808a94ef99fc4dc3472691a21

SHA1
637ea1d4def4e840d73af915d0118db2c8c9f2bc

SHA256
186fb849e9284fda5ed5ea84b1bb7a73b4321afa063df2fa4812b7f0dd857761

SHA512
0f764d85f76fe2fdcf094120f379e0841b74f710b6857722687334bd7a01329d79ab653e825c323110c9e67999429c70efe2c213b7a6a77d1d939f1829f5ad67

Download Submit
\Windows\Temp\06E9B44CBCE3FE113BF3EC69443FBBDB\kaspersky4win202121.16.6.467ru_45357.exe

Filesize
4.3MB

MD5
63c9a22c500df9925f2e513ae1091653

SHA1
bc93f45c412173045c0e39cb1b6a622c52669de0

SHA256
47f5ce81ce33612610a6efc353a0735a4baf8486a898d7eceadb8a58d2415dfc

SHA512
1661a5a4bc12b96bd3b769ea7619a1c62ec009a3df74d6f605c9d3741234a37d89acfa05f58223195e6e0537d94294a93773b9d96c05d6536415b9e756b6ba83

Download Submit
memory/1792-121-0x00000000039F0000-0x0000000003A00000-memory.dmp

Filesize
64KB

Download
memory/1792-149-0x0000000005F80000-0x0000000005F8E000-memory.dmp

Filesize
56KB

Download
memory/1792-109-0x0000000008090000-0x0000000008118000-memory.dmp

Filesize
544KB

Download
memory/1792-104-0x0000000008090000-0x0000000008118000-memory.dmp

Filesize
544KB

Download
memory/1792-98-0x0000000005F10000-0x0000000005F78000-memory.dmp

Filesize
416KB

Download
memory/1792-10-0x0000000077670000-0x0000000077680000-memory.dmp

Filesize
64KB

Download
memory/1792-116-0x00000000039F0000-0x0000000003A00000-memory.dmp

Filesize
64KB

Download
memory/1792-129-0x0000000006770000-0x00000000067A4000-memory.dmp

Filesize
208KB

Download
memory/1792-89-0x0000000007C00000-0x0000000007E88000-memory.dmp

Filesize
2.5MB

Download
memory/1792-85-0x0000000003C70000-0x0000000003CB6000-memory.dmp

Filesize
280KB

Download
memory/1792-133-0x0000000006CF0000-0x0000000006D12000-memory.dmp

Filesize
136KB

Download
memory/1792-125-0x0000000003B40000-0x0000000003B4A000-memory.dmp

Filesize
40KB

Download
memory/1792-124-0x0000000003B40000-0x0000000003B4A000-memory.dmp

Filesize
40KB

Download
memory/1792-137-0x0000000006D80000-0x0000000006DB2000-memory.dmp

Filesize
200KB

Download
memory/1792-81-0x00000000033B0000-0x00000000033C6000-memory.dmp

Filesize
88KB

Download
memory/1792-141-0x0000000008B10000-0x0000000008C0A000-memory.dmp

Filesize
1000KB

Download
memory/1792-77-0x0000000003650000-0x000000000368C000-memory.dmp

Filesize
240KB

Download
memory/1792-53-0x00000000030D0000-0x0000000003116000-memory.dmp

Filesize
280KB

Download
memory/1792-49-0x0000000073050000-0x000000007373E000-memory.dmp

Filesize
6.9MB

Download
memory/1792-93-0x0000000005F10000-0x0000000005F78000-memory.dmp

Filesize
416KB

Download
memory/1792-145-0x0000000006090000-0x00000000060AC000-memory.dmp

Filesize
112KB

Download
memory/1792-153-0x0000000006270000-0x0000000006282000-memory.dmp

Filesize
72KB

Download
memory/1792-48-0x0000000073050000-0x000000007373E000-memory.dmp

Filesize
6.9MB

Download
memory/1792-159-0x0000000073050000-0x000000007373E000-memory.dmp

Filesize
6.9MB

Download
memory/1792-160-0x0000000073050000-0x000000007373E000-memory.dmp

Filesize
6.9MB

Download
memory/1792-45-0x00000000006A0000-0x00000000006AE000-memory.dmp

Filesize
56KB

Download
memory/1792-41-0x000000007305E000-0x000000007305F000-memory.dmp

Filesize
4KB

Download
memory/1792-8-0x0000000077670000-0x0000000077680000-memory.dmp

Filesize
64KB

Download
memory/1792-9-0x0000000077670000-0x0000000077680000-memory.dmp

Filesize
64KB

Download
memory/1792-460-0x000000007305E000-0x000000007305F000-memory.dmp

Filesize
4KB

Download
memory/1792-461-0x0000000073050000-0x000000007373E000-memory.dmp

Filesize
6.9MB

Download
memory/1792-462-0x0000000073050000-0x000000007373E000-memory.dmp

Filesize
6.9MB

Download
memory/1792-463-0x0000000003B40000-0x0000000003B4A000-memory.dmp

Filesize
40KB

Download
memory/1792-464-0x0000000073050000-0x000000007373E000-memory.dmp

Filesize
6.9MB

Download
memory/2168-1-0x0000000077680000-0x0000000077690000-memory.dmp

Filesize
64KB

Download
memory/2168-0-0x0000000077680000-0x0000000077690000-memory.dmp

Filesize
64KB

Download
memory/2168-2-0x0000000077680000-0x0000000077690000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads