96a2c02c92ab985233d04134b496252530282c745f3a142a359878cacd2a9025

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2024 21:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KRLN/KRNL Remake.exe
Size

506KB
MD5

e827bd09934709f4955b0e7ea4509ae7
SHA1

4c7364758d5891c10fd603cbf104b0e9413ff4b1
SHA256

2ffc609f2556ed208c7aea6e4217c9c1e337e4004c1c0981bf455953d0b8a34e
SHA512

e17d5a319d5e6725297bf95683aad15dd72604c0d70b6bf4a438cb07ac6fec8c5dd42209961f0ebaf14fbd64735569f25092f7df1a50b43bd8c6d121decfa55f
SSDEEP

3072:vfTc9bvGjdh559dJ12QcVXqLRY3pClghBCWyyCzn8sZL3l4gxHC2E+JQLujdX:v8GvL9d2VaLa3pClghtyV8sug5Iu

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	KRNL Remake.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\KRNL Remake.exe = "11001"	KRNL Remake.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2668	KRNL Remake.exe
2668	KRNL Remake.exe

C:\Users\Admin\AppData\Local\Temp\KRLN\KRNL Remake.exe
"C:\Users\Admin\AppData\Local\Temp\KRLN\KRNL Remake.exe"
1⤵
- Enumerates connected drives
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2668-0-0x00007FFB253C3000-0x00007FFB253C5000-memory.dmp

Filesize
8KB

Download
memory/2668-1-0x000001B4F4A50000-0x000001B4F4AD4000-memory.dmp

Filesize
528KB

Download
memory/2668-2-0x000001B4F6740000-0x000001B4F6782000-memory.dmp

Filesize
264KB

Download
memory/2668-3-0x00007FFB253C0000-0x00007FFB25E81000-memory.dmp

Filesize
10.8MB

Download
memory/2668-4-0x000001B4F68F0000-0x000001B4F68FA000-memory.dmp

Filesize
40KB

Download
memory/2668-5-0x00007FFB253C0000-0x00007FFB25E81000-memory.dmp

Filesize
10.8MB

Download
memory/2668-6-0x00007FFB253C0000-0x00007FFB25E81000-memory.dmp

Filesize
10.8MB

Download
memory/2668-7-0x00007FFB253C0000-0x00007FFB25E81000-memory.dmp

Filesize
10.8MB

Download
memory/2668-9-0x00007FFB253C0000-0x00007FFB25E81000-memory.dmp

Filesize
10.8MB

Download
memory/2668-13-0x000001BCFC510000-0x000001BCFCCB6000-memory.dmp

Filesize
7.6MB

Download
memory/2668-14-0x00007FFB253C0000-0x00007FFB25E81000-memory.dmp

Filesize
10.8MB

Download
memory/2668-15-0x000001B4F7390000-0x000001B4F7539000-memory.dmp

Filesize
1.7MB

Download