Overview

overview

7

Static

static

3

ebbbc24032...18.exe

windows7-x64

7

ebbbc24032...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

KRyLack_So...te.url

windows7-x64

6

KRyLack_So...te.url

windows10-2004-x64

3

Ultimate_K...te.url

windows7-x64

6

Ultimate_K...te.url

windows10-2004-x64

3

ulklfemon.dll

windows7-x64

3

ulklfemon.dll

windows10-2004-x64

3

ultimateke...ee.chm

windows7-x64

1

ultimateke...ee.chm

windows10-2004-x64

1

ultimateke...ee.exe

windows7-x64

6

ultimateke...ee.exe

windows10-2004-x64

7

unukfree.exe

windows7-x64

7

unukfree.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KRyLack_Software_Website.url

  • Size

    48B

  • MD5

    6f536747faf70a97c0906bae19c99586

  • SHA1

    51738b6372bcc1e51d9d938205b755a0f0db88b4

  • SHA256

    193019f7cbe31c7651bd95e785f17f523e3fcc3eb3ae219f464360705fffc40f

  • SHA512

    ada7de72385c4faaa33e3f4b0c274a3a1d5e5f8d20e4672be5778333fe2d688daa3b67c84116cc6e9a3b5ee5924291e2e8b4dbd2364174f0168dad446b5ef5a6

Score
6/10
discoveryevasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\KRyLack_Software_Website.url
    1⤵
    • Checks whether UAC is enabled
    PID:2156
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    375f0cca506cad4a623bb9a24b1f50c7

    SHA1

    36fd14154224ab951fdfc33f41f933e038755a9c

    SHA256

    2123d9c9729220763901b2e64d3cd5fc289f80bf6759d658f8f5e063cfd9b635

    SHA512

    3360dcda5d1bbbc954d483a87984258c155c2d64263cf03f0000779a26413371ae0c8d68353d0ed1a33725bf71b960719b172a3dd6247be913980ffc61539c1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d937abaf2effdc2437afb796380b2bea

    SHA1

    2fe8964c5602408264694fcfe5a92c74690c9ef1

    SHA256

    76cd899a7748f4c615e0e77dcf842aff7bc5bead609b479191ee5a9b55a8a4fb

    SHA512

    1e5700c0227b8cedb038258bcd3fd9d29da4b2c9f179cf24a0f6c3279316c982a060d284df0f44f4971d76886aacb49eb353c2cb2466e0f6cd025c5b45bde533

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b69f3eb0fdd14a23bb3033ece06aa1f7

    SHA1

    82e5947f042210cd33e122d38106ea42391dd69c

    SHA256

    4198a34562f50e55fe5ac07059163992408d33b5bdf423a8c563ce166bad4b91

    SHA512

    faa79606f6cdc8ef7f9b46307ca392cecafebfbd115d47fc886fd9b3b76deed4197564dff8acef71215a7f14177a1f2d1fe452776dbc9459e1e89137e9364de9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d90a441b4d5bcf946d453776a925f3b5

    SHA1

    0ddc37c630ac57e164acf5419e87e3991990350c

    SHA256

    73b8897853ffff6a8e1a48f84689edaecadba64b76780a308a18e590e414ccb2

    SHA512

    a1879e4c51b219f421e70206a2e460d71d7f64c2d4e13e7914ce46d453f3e1db7e30ff66a73c5f5fdf662f41b8edf159be483677554c948f26e803c2db5b3f88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1ae3a5d7752d030dd4075203ee9a68f

    SHA1

    b3a7ba02d3463f6620e0d1a0eb6b3b86911b2ecd

    SHA256

    adc2ba59429e076fadf36a45fcf5d4fe886a4ba12664a7d74bce12fdd620d38e

    SHA512

    b06dd80a77c1aaffa720d64e2d146ef2c63dad3992f3fa303721cfbf2b59347b9e23e329d1af151f67cd8ce2a097ddcba06ef38b0696c029c4403709098f0338

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aec906c43372a11cee04f0c0d5d3de5d

    SHA1

    d7ca58c1c917273314e7e175a4a0e647e6875d41

    SHA256

    61726f0a34808e6878b692a8dd7b085727ae7d748c9f04d29f1f1abac2f19459

    SHA512

    b5b98abe37ed6466746ed0dc1625d4103105e8b343372459f8d5151cdcc27fc3abdd8c163ff9ef36fe3093abc764b04cc363cfc08b83ec352022680e02c82232

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4770b3cf6d24e8612018b96aa875f25

    SHA1

    9c8c329a03231e5f1527e90ccea8db4bb1ef34a7

    SHA256

    3c39bff0e426641fe0225a9ec66069e7c3118fd4e21adbf2d34b063bddfb83c0

    SHA512

    6dad91a1d27d5907f84aa7fd5993bb99f86bbbce448aad52575318b82243bc34f028865e6111462ad4e0dedb467c1d00b5d3c34cb82a5cd37deb9a04e6a2086d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e4adb096d9833abc32f53aa34760818

    SHA1

    ff1e2394ea8c6390a95405d4c6d0e495bf82853d

    SHA256

    a476d71e1d01b701ef88625b060781a55735a4a2d917ffa813c92946bf99e26c

    SHA512

    7329293688c4a7c53d91c082fd7d18c7c8075d7abefe303b44124679d7137a9bf3c8e37b1cb26ba5d759ce2816977616a0535caf22e1bd5b41d27895818803b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3213e4a2b614ea6216af9631210c87f2

    SHA1

    62d99a90b47fbcc941080f41ec931515bfb4909d

    SHA256

    d773c11abe16b4096a2106b37acd477d29825b2699eb8e4f3bb390cd720a88cf

    SHA512

    a39510b3014a64d93b47fc9712c4044154b2625b6a324854af56bfacda02fe58a6b18425c04ebbd4f5f90c249263f5f3fabf7c6024bdbdf0734d487cf84bbee8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eee7069b1c307e98b15e41600043549a

    SHA1

    64994f3a60fb3deeef0a1d2179dccac12679a907

    SHA256

    f5dc01ab70cc7ac5ac2a54bf8391b2bc27f6b65fc6f3ef8ad7dac3e7a949a564

    SHA512

    9c36814d8c2531772ea1a83dda738767af3e9111e8bd0aed1c2d8f6e2c1e2c43b81b6901b2190332e3480eaa1513ba5cd25dc24984cb24b38e8cf06ad529e2b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1aed5a3a6563b4d1101a0c994fd3def8

    SHA1

    b1cbed17de08615b344dbcbef2626091eaf19ec9

    SHA256

    7b077bbc999fcd3e76c0c26dc3dc7f89cb00c04a8b43b064c23b14af65cf3f9f

    SHA512

    b0aff7ad34d2b757ddb28023d40b7cde9648ef041ae8bb12be4a7e39dd8f0643f3f23b2f305c81d78c6f6db847e23dd4bc8c58b9e09a81ffe33282051a0f44b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58cc34a411b170a4335383a2304a9b16

    SHA1

    f2a7cc2a8a04275d84d50a14f69bc5abe06d5ae8

    SHA256

    f2f6eda9ee4b761d5a7a4af1e2a893514b672721bd01e7e5c66dc87e76dcbf0a

    SHA512

    3b01a5d48a05892c1c93fd3e6139c367cd2429f9c3f4a07492750e517c977775bc7876f1701200a5db9b3eef0d23e33cca73699fc625f3bcdb4503abccf4e19d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBE22.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBE94.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2156-0-0x00000000002D0000-0x00000000002E0000-memory.dmp

    Filesize

    64KB

    Download