Overview

overview

7

Static

static

3

kontol.exe

windows7-x64

7

kontol.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2024, 04:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    kontol.exe

  • Size

    7.8MB

  • MD5

    34e70d532ab1c1d11450a84609197baa

  • SHA1

    0f889138ecd4f52e9a467cdfeb3fbc040049a266

  • SHA256

    f455df981365c65800467adeaacedb7beeaef413e4255d2b9545bd90e673f406

  • SHA512

    435c2db2f5378c53a79d2d5f5c326b5e2f669b36bb489c616377495e202dd0eb329b9d37c865dca018efef33f09d0d8942241ad5a8a354c0c8488e62bde226eb

  • SSDEEP

    196608:1N0MBT+XZA1HeT39IigmauDXURuAdqU3:MMBT+XS1+TtIiguARuAdqI

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kontol.exe
    "C:\Users\Admin\AppData\Local\Temp\kontol.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Users\Admin\AppData\Local\Temp\kontol.exe
      "C:\Users\Admin\AppData\Local\Temp\kontol.exe"
      2⤵
      • Loads dropped DLL
      PID:2628

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI28562\python311.dll
          Filesize

          5.5MB

          MD5

          387bb2c1e40bde1517f06b46313766be

          SHA1

          601f83ef61c7699652dec17edd5a45d6c20786c4

          SHA256

          0817a2a657a24c0d5fbb60df56960f42fc66b3039d522ec952dab83e2d869364

          SHA512

          521cde6eaa5d4a2e0ef6bbfdea50b00750ae022c1c7bd66b20654c035552b49c9d2fac18ef503bbd136a7a307bdeb97f759d45c25228a0bf0c37739b6e897bad

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI28562\ucrtbase.dll
          Filesize

          1.1MB

          MD5

          3b337c2d41069b0a1e43e30f891c3813

          SHA1

          ebee2827b5cb153cbbb51c9718da1549fa80fc5c

          SHA256

          c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

          SHA512

          fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_MEI28562\api-ms-win-core-file-l1-2-0.dll
          Filesize

          21KB

          MD5

          3473bc217562594b5b126d7aeb9380e9

          SHA1

          b551b9d9aa80be070f577376e484610e01c5171a

          SHA256

          0d8190fd619feb20df123931108d499132f7051f1ebb0ef246082f4c52c88b22

          SHA512

          036b93457ade632ad68264d81ff26ee1156038e234c606882386d6babcbe722a18e9ced1655f97caecaf5fd514e261dafe999a3e9fec00cc677e177f0bf8e203

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_MEI28562\api-ms-win-core-file-l2-1-0.dll
          Filesize

          20KB

          MD5

          50abf0a7ee67f00f247bada185a7661c

          SHA1

          0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1

          SHA256

          f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7

          SHA512

          c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_MEI28562\api-ms-win-core-localization-l1-2-0.dll
          Filesize

          21KB

          MD5

          0414909b279ea61ca344edbe8e33e40b

          SHA1

          4ece0dabe954c43f9bd5032de76ec29c47b22e10

          SHA256

          05b0c773a77850f3d50ddb4b82cc4d5f19316fe1aaa65e21b4709ae73f60a28e

          SHA512

          edbd33540cd1ef69f2ce824cfb991903ec6e4edda815f07d610247594ceeb2ebc78f05a44b4de8c5c937191b7e8b2ef221423c06df303d73deea721c25d15eed

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_MEI28562\api-ms-win-core-processthreads-l1-1-1.dll
          Filesize

          21KB

          MD5

          b1ba47d8389c40c2dda3c56cbed14fc5

          SHA1

          2eef9ffa32171d53affa44e3db7727aa383f7fac

          SHA256

          c7277c05dc6b905fad5cb930b0ecfbbc4676b46974b4571e54ca44cb6f6be404

          SHA512

          466e31f17f73bda5149343b23f4966502a8597d2a2e43f9a6c9c32387451d92c6b658ccaae27044e68e4a9fd0ef9c89e32dc7639d59fcf04c596b6abfa09658b

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_MEI28562\api-ms-win-core-timezone-l1-1-0.dll
          Filesize

          21KB

          MD5

          953c63ef10ec30ef7c89a6f0f7074041

          SHA1

          4b4f1ff3085fded9dbd737f273585ad43175b0a3

          SHA256

          c93954167c12e15b58ac95240d2e0a2fbd94561d739d9f6aca906d9c30453496

          SHA512

          b4534785e4d02ad387e3c6082884d438cc4b3cd8758aabcf99620052f5842dbd298351bc1723c274d4f7d3fce0cc940df3d47865fece2f07cdb1151376ba852e

          Download Submit