Overview

overview

7

Static

static

3

KRNL-REBOR....3.dll

windows7-x64

1

KRNL-REBOR....3.dll

windows10-2004-x64

1

KRNL-REBOR...ET.dll

windows7-x64

1

KRNL-REBOR...ET.dll

windows10-2004-x64

1

KRNL-REBOR...ec.lnk

windows7-x64

3

KRNL-REBOR...ec.lnk

windows10-2004-x64

3

KRNL-REBOR...rn.dll

windows7-x64

3

KRNL-REBOR...rn.dll

windows10-2004-x64

3

KRNL-REBOR...02.exe

windows7-x64

7

KRNL-REBOR...02.exe

windows10-2004-x64

7

KRNL-REBOR...ce.lnk

windows7-x64

3

KRNL-REBOR...ce.lnk

windows10-2004-x64

3

Resubmissions

04-08-2024 00:17

240804-ak55pszfmn 7

04-08-2024 00:15

240804-ajxryavcrf 7

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    04-08-2024 00:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KRNL-REBORN/krnlss_v102.exe

  • Size

    69.7MB

  • MD5

    41de5a1628d155a926bfcc83f75d896d

  • SHA1

    f3328b7cd2bd92a30b4288d2ac486d5fca95f6c7

  • SHA256

    31e271dbbf255b1f77f0bcaf5dcf901901b1cf0962ee23b86974d017e94bb9ab

  • SHA512

    4bfb66e6cbc42fed0be763222175229a9252f6494b7c6e587258ef0204b913997cd3dc0e6d1531f4b93a514859efce86cb4770df91a3f13c58cecd6aaec7ae5c

  • SSDEEP

    1572864:8BLX5WJoWbgWRSgkNOXWxtQSNdiIGsOX6ylfZJ0WuOD:aX5M3gbcKCwGnX3dz09E

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KRNL-REBORN\krnlss_v102.exe
    "C:\Users\Admin\AppData\Local\Temp\KRNL-REBORN\krnlss_v102.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Users\Admin\AppData\Local\Temp\KRNL-REBORN\krnlss_v102.exe
      "C:\Users\Admin\AppData\Local\Temp\KRNL-REBORN\krnlss_v102.exe"
      2⤵
      • Loads dropped DLL
      PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI25642\python311.dll
    Filesize

    5.5MB

    MD5

    387bb2c1e40bde1517f06b46313766be

    SHA1

    601f83ef61c7699652dec17edd5a45d6c20786c4

    SHA256

    0817a2a657a24c0d5fbb60df56960f42fc66b3039d522ec952dab83e2d869364

    SHA512

    521cde6eaa5d4a2e0ef6bbfdea50b00750ae022c1c7bd66b20654c035552b49c9d2fac18ef503bbd136a7a307bdeb97f759d45c25228a0bf0c37739b6e897bad

    Download Submit