Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/09/2024, 16:05
General
-
Target
Kryptex.exe
-
Size
130.6MB
-
MD5
c46c36539912104dbed62f65d6043774
-
SHA1
4526654815356f9fb103fedf29778ba67ea477a7
-
SHA256
097aabc30e748b9ff73a47d8466bb825143e22590726f6774e92aab781a18ffd
-
SHA512
e7d45415ec3c325ec167c7328412cfe85f373ee818938fae79fe86e1c9b28681562c01def9d7662bd592476fb9649f84c5123b286a91016729d6c252aac6dc4d
-
SSDEEP
1572864:b/Q7+OQK1/uUxPhRhAlyqsCHaqVpYCRIZW:06O/s4WllwCRkW
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 7 IoCs
-
Checks processor information in registry 2 TTPs 9 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry key 1 TTPs 31 IoCs
-
Modifies system certificate store 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 34 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"1⤵
- Checks computer location settings
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exeC:\Users\Admin\AppData\Local\Temp\Kryptex.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Kryptex /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Kryptex\Crashpad --url=https://f.a.k/e --annotation=_productName=Kryptex --annotation=_version=4.44.2 --annotation=prod=Electron --annotation=ver=14.2.9 --initial-client-data=0x454,0x458,0x45c,0x450,0x460,0x7ff663468a38,0x7ff663468a48,0x7ff663468a582⤵
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=gpu-process --field-trial-handle=1636,10151295428059321526,15186107060061848524,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1648 /prefetch:22⤵
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,10151295428059321526,15186107060061848524,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2100 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1636,10151295428059321526,15186107060061848524,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:12⤵
- Adds Run key to start application
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\wmic.exewmic os get locale3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\chcp.comchcp4⤵
-
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get Caption /value3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get SerialNumber /value3⤵
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get TotalVirtualMemorySize /value3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress"3⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress"3⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress4⤵
-
-
-
C:\Windows\System32\Wbem\wmic.exewmic pagefile get AllocatedBaseSize /value3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe setPageSize 23⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDelay /t REG_DWORD /d 0x14 /f"3⤵
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDelay /t REG_DWORD /d 0x14 /f4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDdiDelay /t REG_DWORD /d 0xa /f"3⤵
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDdiDelay /t REG_DWORD /d 0xa /f4⤵
-
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get Caption /value3⤵
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get SerialNumber /value3⤵
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get TotalVirtualMemorySize /value3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress"3⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress"3⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress4⤵
-
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1636,10151295428059321526,15186107060061848524,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:12⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=gpu-process --field-trial-handle=1636,10151295428059321526,15186107060061848524,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAQAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2416 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
275KB
MD563a7fb96a3d09b74a0cc73aff7c48f5b
SHA15385ae620cc0edf178e270d924d01dea591cafdf
SHA256f00d85eb45b70e6b4456d4916793162dcacac87a49678ea3dc376912bc7392bb
SHA512d5af761a4e158defb2d9a804ca1f8ea8cc2b99b8e2d7329dfe09f9f1596f265155d93f39dc2feef5d3d0b60615b2707d787266d603d135dfd3d3a964eea998cf
-
Filesize
1.5MB
MD51f45de1aba2eb5820440183939e6107f
SHA1c08e9af17578469a1692ee86e2d94ecdac5542b0
SHA2560b8ec764bc98bc2fe44b0e3e3b398ddc9e82670663bd14c9e4a0cafec9c2713c
SHA512bceebc835173eb542466b1a4f6f21c1eabd492ac9a86413e0b61194ef7b97f1310a54710dd4ae828b8ba7a52dc8db8caf95bdd7a8d0aa1348d9f83b97a04f25b
-
Filesize
147KB
MD55cb6b3762df753d84e4ffd4afe1a7e1c
SHA1ae2b1c4652aec7315607fc413a4c258f11b69544
SHA25648b7275f47cd44a05d349eb4fdb6cfc451ccbf609a4a56fa34452bcf231c1208
SHA5125723c10ea9c26524f7866b9c749d9887b10c1514bf0cc893ba2a6e9c5d9690015cbcbe024653956af3fb842de3290b4c6c4beb051b67480bdae543d8fd3981cc
-
Filesize
588KB
MD5fb77ddacd7282df95c318beac7a594f1
SHA17e509adc033b26abbde4ed0059181ccec991d269
SHA256fdd47610abb3f3d04837e70e5f5b4603270786e73aba7f619d8a15df5444569a
SHA5125c183b0e7c6584af7530dc2cc4aaf4538160d24faf98bb615fd2a55494e7f45d5f05e5332d00bda4e945d53c1fb951207983eb11b2923e2e8afc62bda4be2dc6
-
Filesize
761KB
MD5dc2791bf78b39ef568ba7bb495dedb98
SHA12d80d8c47096b8eec1945094797c9466762f3c1f
SHA256eb1a2a0903c456db115ac01742afb3fbd4af8598e809c8f52e5b1fde2d5fe36a
SHA51221780f4198695410fa87237d0d2c60ae2fae109ef0c66606b959072de7cc7216b3825af1c6f4797e1748b22b8bfecf33f24d16ad76a4e2501b1ba8dcdecf1407
-
Filesize
148KB
MD54dc971c52b14a3843564fb0ce8a6a0c1
SHA15b19af49368e4f067cbc73af7b2b54bf2dc8efee
SHA25627ec96008c48052d5f493683297c26b9136f1d6a9e73c3722e243bc959d7cc93
SHA51252510b4c20146e635656814e7088464399cd4ca2d64ca67ee2b116ab4631918e092d90462fc450d610154b3284579cb8b7d0ca7bbc3a6eae6b0a348ccffd04dc
-
Filesize
187KB
MD51bdfa25647f9eef3f5bdaa031367116f
SHA1f03a35891737b80899b052060709e3b877cc0a85
SHA256c6fae5dfe840301ad481ecde333b693d374f17351a2fb206ec46e7257aea16dd
SHA5123f4284d95db9c1d9205355fc5f5f0ecdbddaedbb1e7c8a4f9c003225da442330f7924da1be143af7720d8b71cc5e94177f548202170c0425a727625e24c76c00
-
Filesize
40B
MD52441232957f17517d3f5ff1db101c906
SHA1129762ec06a0a9c2af39c3118d025d6e09b569a2
SHA2567486dc0d1c3f374135c7df8ee60dfbc55bfcad9d1c81e4adbdd9fd21b3481020
SHA5122f84ae35bd776573988bdd573fa8ae36c4c86ef34e2589b517cf22d0065d394c153a9c47f6984e7ab79beee81ac326dafd27ac7fb47a231ebb3b13d6cfa51be0
-
Filesize
190B
MD5144b52099522740457fb7554fc115877
SHA1f8f27104c8c63d9f8d15b0dbfc69bd56074e222d
SHA2567c403f84d980c75ea64d984e09e536e54869b80ccba91cec24d739238aacf984
SHA5122e891bf8e7bfab586793d51ba520fb1e1f0d0100b76e76054f176873cf4353569e4165836dce4438af950561f0cf181ea6ee4635b1ceb1f4a45a919c0b68db8e
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
8KB
MD5c9434743dee92cdf0aa5d0a75881c104
SHA1524f55589d1477adbcbd7ca13ae17d784d0c9268
SHA256cc19f5ae4bceae5d8cf01bc2f8b87eca7ba59e12daf8047f9dfe4b910ea2879d
SHA512ce8dd7d17eea17f9dbb500559ddc8eada1bd323401dd05f80aa84b8cb76d495aafe11efd6536b4ce15f6b8bac7b27a93a125f5cbbd862baa052e92d1468aa42c
-
Filesize
7KB
MD5cb262b24437d2bd944b36de351e73087
SHA1686f60d14174b5f445ef0c9b3b6ecbdf4e4a2b44
SHA2565651e928207b19cebb059eaef9a1ff1bdecf68c8321e8921b21b0e06473f5846
SHA51208e29979119d0a568f17db9def2abf406c1f455f0ce33fcb255560cba6c839f1676d89a0ac6f5361ed69928638afa7605e7ccaf550b006487b78d28df5ec6447
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB