Overview

overview

7

Static

static

3

6442836c74...18.exe

windows7-x64

7

6442836c74...18.exe

windows10-2004-x64

7

$FAVORITES...��.url

windows7-x64

1

$FAVORITES...��.url

windows10-2004-x64

1

$FAVORITES...��.url

windows7-x64

1

$FAVORITES...��.url

windows10-2004-x64

1

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/atl71.dll

windows7-x64

1

$SYSDIR/atl71.dll

windows10-2004-x64

1

$TEMP/KanKan_1020.exe

windows7-x64

7

$TEMP/KanKan_1020.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

KanKan/Cra...rt.exe

windows7-x64

1

KanKan/Cra...rt.exe

windows10-2004-x64

1

KanKan/IDesktop.dll

windows7-x64

5

KanKan/IDesktop.dll

windows10-2004-x64

3

KanKan/ImgFmt.dll

windows7-x64

1

KanKan/ImgFmt.dll

windows10-2004-x64

1

KanKan/KanKan.exe

windows7-x64

3

KanKan/KanKan.exe

windows10-2004-x64

7

KanKan/Kan...in.exe

windows7-x64

1

KanKan/Kan...in.exe

windows10-2004-x64

1

KanKan/zlib.dll

windows7-x64

3

KanKan/zlib.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/07/2024, 18:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/KanKan_1020.exe

  • Size

    2.2MB

  • MD5

    56e5f4611a542ca833721569749cb291

  • SHA1

    50e5813d6b78b32392e39c868ace99f46c829cdc

  • SHA256

    f984adb81a9bb0945692c0377d770ece26c09e63e138c1843127d7993cc202a1

  • SHA512

    3963405c67ef80e2c8bd33e4cd2156a15d35700011b5147506c9f96af813cfbf839c7668e031f9813eb1201a67ed65c7ed9101dd5c23da3b5e6e7bc88cca6e64

  • SSDEEP

    49152:vcdZYkrOtorhQQUw4pyyp/d8XaaXWe4P+ynePQPX:vcfOtotQ++yyp/d8XaaXKneIP

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\KanKan_1020.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\KanKan_1020.exe"
    1⤵
    • Loads dropped DLL
    PID:724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nszA9CE.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    32aa6334fc543e70ef0f792bb9a0c45a

    SHA1

    54be1f5004f7e5afe7c9ba160495076ea2a4d60c

    SHA256

    610e54bcfc2831d4f9d7030ceb16d35ee33006403d842f01b6e75bebea0083e2

    SHA512

    ac92116821a032de8df64bf9aea9c6ba4040467eebaa4e028c2bf031f1c81bb69531288b9d89d951b952fe0b4ecccade874a5ae76d04db8b4dee2d13c486f9ae

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nszA9CE.tmp\meituWel.ini
    Filesize

    211B

    MD5

    03845d9eb2ed3ebc92255f06af7d1479

    SHA1

    c4cf81a5348217be9068b216a13a093bfbcee911

    SHA256

    3f1dade375229acd43f146cc4b4a1f64931e64f53efd8c857f38529cdfacd22d

    SHA512

    ddb23686554cf998ae5f1ca3cd661cb25c2d455d79a9466d69bb1abb118a955c6cd0ff7b8d829c1f23d0a0c7e1d69cc7a388813b9fa0b0cd0ec65db9689964d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nszA9CE.tmp\meituWel.ini
    Filesize

    210B

    MD5

    0efe5c4e8bc18674fd9569079747a616

    SHA1

    666d54931b1217293bf29a8e0140522a1e918715

    SHA256

    56e3cd95a6ca62d33ceed5db9c65371491e112266947ed16e657aee8fc5065eb

    SHA512

    a82ce2e9ab77265447773c113c9cea3e2b2249c03a228bf7f6e0b9dc189c995fdcf2385427d8a1b738a08938f0a94c12e541f3c46a9a8b68dfd980627f52a080

    Download Submit