0b8cca026a78c889fc3ef56bba6d46f75a4123a3893f3f4c4787757f18084997

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b8cca026a78c889fc3ef56bba6d46f75a4123a3893f3f4c4787757f18084997.exe
Size

39KB
MD5

338c25569b7ae11a5bb7b4d85446a40f
SHA1

c6fc2b49b0677f8131727ac57002cb9d05b2aa4c
SHA256

0b8cca026a78c889fc3ef56bba6d46f75a4123a3893f3f4c4787757f18084997
SHA512

fc7ab5f56e41796462d299043ace28e1c50d60bdf1da86756a881d3e9b465549f589ded2c2bc3c753cd69c0e7872246e262654ae43df4d09fc46cc1e5033feb2
SSDEEP

768:G26uYRQRSm8/mjHgetHHz5fl2MOF3h1Ruqk:GVrRLveLgqnv2MYzRbk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2688	kenis.exe

Loads dropped DLL 2 IoCs

pid	Process
2764	0b8cca026a78c889fc3ef56bba6d46f75a4123a3893f3f4c4787757f18084997.exe
2764	0b8cca026a78c889fc3ef56bba6d46f75a4123a3893f3f4c4787757f18084997.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2764	0b8cca026a78c889fc3ef56bba6d46f75a4123a3893f3f4c4787757f18084997.exe
2688	kenis.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2688	2764	0b8cca026a78c889fc3ef56bba6d46f75a4123a3893f3f4c4787757f18084997.exe	30
PID 2764 wrote to memory of 2688	2764	0b8cca026a78c889fc3ef56bba6d46f75a4123a3893f3f4c4787757f18084997.exe	30
PID 2764 wrote to memory of 2688	2764	0b8cca026a78c889fc3ef56bba6d46f75a4123a3893f3f4c4787757f18084997.exe	30
PID 2764 wrote to memory of 2688	2764	0b8cca026a78c889fc3ef56bba6d46f75a4123a3893f3f4c4787757f18084997.exe	30

C:\Users\Admin\AppData\Local\Temp\0b8cca026a78c889fc3ef56bba6d46f75a4123a3893f3f4c4787757f18084997.exe
"C:\Users\Admin\AppData\Local\Temp\0b8cca026a78c889fc3ef56bba6d46f75a4123a3893f3f4c4787757f18084997.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Users\Admin\AppData\Local\Temp\kenis.exe
  "C:\Users\Admin\AppData\Local\Temp\kenis.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\kenis.exe

Filesize
39KB

MD5
40f936b744c8a25c4215e60378a32d2b

SHA1
90689c72bc130bb933c1566579b6cc85794c09d8

SHA256
55c0288be615b4ccfe9d628a10aa301c5ae4dc704b703fa80f01734d47f4cd03

SHA512
8fcd0fd5d9ec26309f9fb8c2d7efad599a9541a7e94ca7d5687c7ac755063265ad9e292225c3dfc42c671369cd40029abb45789a69418145daf7c8dd5a1a2805

Download Submit
memory/2688-24-0x00000000005A0000-0x00000000005A8000-memory.dmp

Filesize
32KB

Download
memory/2764-7-0x0000000000410000-0x0000000000418000-memory.dmp

Filesize
32KB

Download
memory/2764-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2764-0-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download