Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
19/09/2024, 16:05
General
-
Target
Kryptex.exe
-
Size
130.6MB
-
MD5
c46c36539912104dbed62f65d6043774
-
SHA1
4526654815356f9fb103fedf29778ba67ea477a7
-
SHA256
097aabc30e748b9ff73a47d8466bb825143e22590726f6774e92aab781a18ffd
-
SHA512
e7d45415ec3c325ec167c7328412cfe85f373ee818938fae79fe86e1c9b28681562c01def9d7662bd592476fb9649f84c5123b286a91016729d6c252aac6dc4d
-
SSDEEP
1572864:b/Q7+OQK1/uUxPhRhAlyqsCHaqVpYCRIZW:06O/s4WllwCRkW
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 7 IoCs
-
Checks processor information in registry 2 TTPs 9 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry key 1 TTPs 32 IoCs
-
Modifies system certificate store 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 17 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"1⤵
- Checks computer location settings
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exeC:\Users\Admin\AppData\Local\Temp\Kryptex.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Kryptex /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Kryptex\Crashpad --url=https://f.a.k/e --annotation=_productName=Kryptex --annotation=_version=4.44.2 --annotation=prod=Electron --annotation=ver=14.2.9 --initial-client-data=0x2e8,0x2ec,0x2f0,0x2e0,0x2f4,0x147a48a38,0x147a48a48,0x147a48a582⤵
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=gpu-process --field-trial-handle=1112,10996187226623699786,2764393446478661254,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1124 /prefetch:22⤵
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1112,10996187226623699786,2764393446478661254,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1204 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1112,10996187226623699786,2764393446478661254,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1472 /prefetch:12⤵
- Adds Run key to start application
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\wmic.exewmic os get locale3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp"3⤵
-
C:\Windows\system32\chcp.comchcp4⤵
-
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get Caption /value3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get SerialNumber /value3⤵
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get TotalVirtualMemorySize /value3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress"3⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress"3⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress4⤵
-
-
-
C:\Windows\System32\Wbem\wmic.exewmic pagefile get AllocatedBaseSize /value3⤵
-
-
C:\Windows\System32\Wbem\wmic.exewmic logicaldisk where Caption='C:' get FreeSpace /value3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\pagefile\build\Release\pagefile.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\pagefile\build\Release\pagefile.exe 16 163⤵
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe setPageSize 23⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDelay /t REG_DWORD /d 0x14 /f"3⤵
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDelay /t REG_DWORD /d 0x14 /f4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDdiDelay /t REG_DWORD /d 0xa /f"3⤵
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDdiDelay /t REG_DWORD /d 0xa /f4⤵
-
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get Caption /value3⤵
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get SerialNumber /value3⤵
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get TotalVirtualMemorySize /value3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress"3⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress"3⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress4⤵
-
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1112,10996187226623699786,2764393446478661254,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:12⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
40B
MD5f132b5d69d902ed95e9d7b1de4ce6109
SHA1c30582e7b63ea122c0eece6eff1b04577186ae8a
SHA2568167f54173ed5ed7bca78a7c01c0d1f105cf0c4da83ac760621b777705de8ff0
SHA512b3570760c52dcd7805faf898765cc0cca00c208b71c61c3b1ef226dd69a030b607bb067fd4b8bfd1fadc66ccea287b2cd90e53ec5ecddf1362e15e6c8e08bfcf
-
Filesize
9KB
MD5e14bb77192eed211910e441a27ff8f5e
SHA126e45f1c5db4c5c6c465673caf00dc865797ca6c
SHA25619191c5b9a367b32ddb2b0e9bcc128b023924e6d1fe033b7dcc85dfdc2a9e3c5
SHA512e12ef65d8e5c971cbcba5192b03af92158299a24b509501420087a58b67258fe40b15fdf41ea7148c6e7eb4a19a1b6695f0c4050b7fba742b8f0bd3a0a393187
-
Filesize
9KB
MD5ad75a316d8dc3f6435ba0156a47eee61
SHA1d0c64a7d59c9fbbd875ac9c6533361675ff9c08b
SHA2569de68a6f8111c4e34e4567d9d980e0330c2813c401a3d1e76a03cd990b482efb
SHA5128050019fe47e32a66383f3706daa6469ab61f3af5fc6f7dc733897c9d2cd645977149693498cc4c79754a3213d1c3ed16d5cb957796e263e0ca26dcacc6ebfe5
-
Filesize
7KB
MD5028a923c7e24929056d30fc0f6051309
SHA135c17ba7db9ad1576af6c42bf1422878ae751203
SHA25681caa568fa6382ee52d1e7f75c42cf94a91945ab5ebe6caf4e93417d93cf5a38
SHA5122b3d3ccb4b16d3705541f937083b0919e21dd501cea83034d9327f2615a31af500500f9e1306fabca1d8f39233424ced93f1bff5335accea9e16e99a3b34ef54
-
Filesize
1.5MB
MD51f45de1aba2eb5820440183939e6107f
SHA1c08e9af17578469a1692ee86e2d94ecdac5542b0
SHA2560b8ec764bc98bc2fe44b0e3e3b398ddc9e82670663bd14c9e4a0cafec9c2713c
SHA512bceebc835173eb542466b1a4f6f21c1eabd492ac9a86413e0b61194ef7b97f1310a54710dd4ae828b8ba7a52dc8db8caf95bdd7a8d0aa1348d9f83b97a04f25b
-
Filesize
147KB
MD55cb6b3762df753d84e4ffd4afe1a7e1c
SHA1ae2b1c4652aec7315607fc413a4c258f11b69544
SHA25648b7275f47cd44a05d349eb4fdb6cfc451ccbf609a4a56fa34452bcf231c1208
SHA5125723c10ea9c26524f7866b9c749d9887b10c1514bf0cc893ba2a6e9c5d9690015cbcbe024653956af3fb842de3290b4c6c4beb051b67480bdae543d8fd3981cc
-
Filesize
761KB
MD5dc2791bf78b39ef568ba7bb495dedb98
SHA12d80d8c47096b8eec1945094797c9466762f3c1f
SHA256eb1a2a0903c456db115ac01742afb3fbd4af8598e809c8f52e5b1fde2d5fe36a
SHA51221780f4198695410fa87237d0d2c60ae2fae109ef0c66606b959072de7cc7216b3825af1c6f4797e1748b22b8bfecf33f24d16ad76a4e2501b1ba8dcdecf1407
-
Filesize
187KB
MD51bdfa25647f9eef3f5bdaa031367116f
SHA1f03a35891737b80899b052060709e3b877cc0a85
SHA256c6fae5dfe840301ad481ecde333b693d374f17351a2fb206ec46e7257aea16dd
SHA5123f4284d95db9c1d9205355fc5f5f0ecdbddaedbb1e7c8a4f9c003225da442330f7924da1be143af7720d8b71cc5e94177f548202170c0425a727625e24c76c00
-
Filesize
148KB
MD54dc971c52b14a3843564fb0ce8a6a0c1
SHA15b19af49368e4f067cbc73af7b2b54bf2dc8efee
SHA25627ec96008c48052d5f493683297c26b9136f1d6a9e73c3722e243bc959d7cc93
SHA51252510b4c20146e635656814e7088464399cd4ca2d64ca67ee2b116ab4631918e092d90462fc450d610154b3284579cb8b7d0ca7bbc3a6eae6b0a348ccffd04dc
-
Filesize
588KB
MD5fb77ddacd7282df95c318beac7a594f1
SHA17e509adc033b26abbde4ed0059181ccec991d269
SHA256fdd47610abb3f3d04837e70e5f5b4603270786e73aba7f619d8a15df5444569a
SHA5125c183b0e7c6584af7530dc2cc4aaf4538160d24faf98bb615fd2a55494e7f45d5f05e5332d00bda4e945d53c1fb951207983eb11b2923e2e8afc62bda4be2dc6
-
Filesize
275KB
MD563a7fb96a3d09b74a0cc73aff7c48f5b
SHA15385ae620cc0edf178e270d924d01dea591cafdf
SHA256f00d85eb45b70e6b4456d4916793162dcacac87a49678ea3dc376912bc7392bb
SHA512d5af761a4e158defb2d9a804ca1f8ea8cc2b99b8e2d7329dfe09f9f1596f265155d93f39dc2feef5d3d0b60615b2707d787266d603d135dfd3d3a964eea998cf
-
Filesize
4KB
-
Filesize
4KB