7d8b06e433c1eb797aaaa5957088a414f0dc8d9cd19302dbd2905df61dedb84b

Resubmissions

13-10-2024 03:58

241013-ejjbrsyaqb 3

13-10-2024 03:55

241013-egwjbaxhrh 3

Analysis

max time kernel
33s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sss/kitty.cc temp free.exe
Size

2.3MB
MD5

6e1a1ffb10d212e5e9562342afa026be
SHA1

c544d57ad94e0020d0f82e7d6ef8e463e95f8724
SHA256

e8a2b0de7c644d96eba81c0797127f4328005b93e6e1b8c7547c75b4c1f29bcc
SHA512

cc297e173e448b9a9a5194b4eab408bfde6fbcdfbb09cffb67331033070fa68feb2a67a4e4021dc19b73d959f18ad3fdd1f6c33d58dbb67631bdf29e82c543ac
SSDEEP

49152:amMK1130Prnv4r0u04r0uf07ITYbNbNWo4kSH3OqtwIW+M:amh07szVzMIT4bNJFY3Oqta+

Score

3^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kitty.cc temp free.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	kitty.cc temp free.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	kitty.cc temp free.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	kitty.cc temp free.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1728	2204	kitty.cc temp free.exe	91
PID 2204 wrote to memory of 1728	2204	kitty.cc temp free.exe	91
PID 2204 wrote to memory of 1728	2204	kitty.cc temp free.exe	91
PID 1728 wrote to memory of 1940	1728	cmd.exe	93
PID 1728 wrote to memory of 1940	1728	cmd.exe	93
PID 1728 wrote to memory of 1940	1728	cmd.exe	93
PID 2204 wrote to memory of 1728	2204	kitty.cc temp free.exe	91
PID 2204 wrote to memory of 1728	2204	kitty.cc temp free.exe	91
PID 2204 wrote to memory of 1728	2204	kitty.cc temp free.exe	91
PID 1728 wrote to memory of 1940	1728	cmd.exe	93
PID 1728 wrote to memory of 1940	1728	cmd.exe	93
PID 1728 wrote to memory of 1940	1728	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\sss\kitty.cc temp free.exe
"C:\Users\Admin\AppData\Local\Temp\sss\kitty.cc temp free.exe"
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Windows\SysWOW64\netsh.exe
    netsh interface set interface name="Ethernet" admin=disable
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:1940

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
1⤵
PID:4040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2204-0-0x000000007461E000-0x000000007461F000-memory.dmp

Filesize
4KB

Download
memory/2204-1-0x0000000000F20000-0x000000000116E000-memory.dmp

Filesize
2.3MB

Download
memory/2204-2-0x0000000006030000-0x00000000065D4000-memory.dmp

Filesize
5.6MB

Download
memory/2204-3-0x0000000005B20000-0x0000000005BB2000-memory.dmp

Filesize
584KB

Download
memory/2204-4-0x00000000059F0000-0x00000000059FA000-memory.dmp

Filesize
40KB

Download
memory/2204-5-0x0000000074610000-0x0000000074DC0000-memory.dmp

Filesize
7.7MB

Download
memory/2204-6-0x00000000065E0000-0x00000000067F4000-memory.dmp

Filesize
2.1MB

Download
memory/2204-7-0x0000000074610000-0x0000000074DC0000-memory.dmp

Filesize
7.7MB

Download
memory/2204-8-0x000000007461E000-0x000000007461F000-memory.dmp

Filesize
4KB

Download
memory/2204-9-0x0000000074610000-0x0000000074DC0000-memory.dmp

Filesize
7.7MB

Download
memory/2204-0-0x000000007461E000-0x000000007461F000-memory.dmp

Filesize
4KB

Download
memory/2204-1-0x0000000000F20000-0x000000000116E000-memory.dmp

Filesize
2.3MB

Download
memory/2204-2-0x0000000006030000-0x00000000065D4000-memory.dmp

Filesize
5.6MB

Download
memory/2204-3-0x0000000005B20000-0x0000000005BB2000-memory.dmp

Filesize
584KB

Download
memory/2204-4-0x00000000059F0000-0x00000000059FA000-memory.dmp

Filesize
40KB

Download
memory/2204-5-0x0000000074610000-0x0000000074DC0000-memory.dmp

Filesize
7.7MB

Download
memory/2204-6-0x00000000065E0000-0x00000000067F4000-memory.dmp

Filesize
2.1MB

Download
memory/2204-7-0x0000000074610000-0x0000000074DC0000-memory.dmp

Filesize
7.7MB

Download
memory/2204-8-0x000000007461E000-0x000000007461F000-memory.dmp

Filesize
4KB

Download
memory/2204-9-0x0000000074610000-0x0000000074DC0000-memory.dmp

Filesize
7.7MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads