Overview

overview

3

Static

static

3

krampus.exe

windows11-21h2-x64

1

Resubmissions

22-12-2024 20:36

241222-zd1n3symeq 3

22-12-2024 20:17

241222-y2xrnaxpfv 3

Analysis

  • max time kernel
    434s
  • max time network
    458s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22-12-2024 20:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    krampus.exe

  • Size

    30.1MB

  • MD5

    6cd355fe43bb4517b5815ff52d6e8a0e

  • SHA1

    b59ecfe2b863435bcb92bee9f56930b1586b0d87

  • SHA256

    808f098b303d6143e317dd8dae9e67ac8d2bcb445427d221aa9ad838aa150de3

  • SHA512

    bf6a4d9e731ec3405fa0c172ba36a74127e8520cbb0d3b0cd6e1ccca21c2521602f61621d33009a0e363ea553bc19bc4ad18c1b4ea8203a409ccbf08ed6cc81e

  • SSDEEP

    393216:RQgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgn96l+ZArYsFRlQ:R3on1HvSzxAMNnFZArYs4

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\krampus.exe
    "C:\Users\Admin\AppData\Local\Temp\krampus.exe"
    1⤵
      PID:2376
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3960
      • C:\Users\Admin\AppData\Local\Temp\krampus.exe
        "C:\Users\Admin\AppData\Local\Temp\krampus.exe"
        1⤵
          PID:4392
        • C:\Users\Admin\AppData\Local\Temp\krampus.exe
          "C:\Users\Admin\AppData\Local\Temp\krampus.exe"
          1⤵
            PID:2548
          • C:\Users\Admin\AppData\Local\Temp\krampus.exe
            "C:\Users\Admin\AppData\Local\Temp\krampus.exe"
            1⤵
              PID:1840
            • C:\Users\Admin\AppData\Local\Temp\krampus.exe
              "C:\Users\Admin\AppData\Local\Temp\krampus.exe"
              1⤵
                PID:2616
              • C:\Users\Admin\AppData\Local\Temp\krampus.exe
                "C:\Users\Admin\AppData\Local\Temp\krampus.exe"
                1⤵
                  PID:492

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\Desktop\WriteEnable.xlsx.krampus
                  Filesize

                  29KB

                  MD5

                  e6c1f5d0d2edb00ede65346342a5b789

                  SHA1

                  2e55bef569afe92556323f4c64c7306c816985c9

                  SHA256

                  d00d91180df22a353886f90723b056986534d09c6773bb03339593e8885e6606

                  SHA512

                  6924e587dcfa5780c75d73fd1c9246fe388fccfff553df982364812167a527a2f8f8d09ea9ecf6ae45e90ad042a2ff584e160d87b7f266441fb310462c390e2c

                  Download Submit

                • C:\Users\Admin\Documents\HideExpand.xlsx.krampus
                  Filesize

                  32KB

                  MD5

                  c920ee738289c8c1c919a36e5ca7e1f5

                  SHA1

                  f3e2eb812c0e5f24f5a2b403e3ada7f0e5f48871

                  SHA256

                  9b9efd82ab8d13c009972275dfeaacebbf98afa755623d1b80b78af2e7be9486

                  SHA512

                  e1779ff19681d8019f10dc1effdf976f950ddd6ec5386bd8560ee1c6e38a6cb6ad71fd39fc2d95dbd7061bfb98f43830cf61c5611e51614adc04d1e1554e6d50

                  Download Submit

                • C:\Users\Admin\Documents\RequestStep.xlsx.krampus
                  Filesize

                  30KB

                  MD5

                  77723ef9a930be2ebaf0f221bf8fc0e3

                  SHA1

                  16ce86530264411763780e0794fb4cd5a818e126

                  SHA256

                  7163b57de4e658360d6627952ef3544fa48f852d009b69eb76d7a148506cd1c5

                  SHA512

                  7239c84056d6701aa5e298ab55d7934d3df4bf6a4d003aa3550630eacb06f7b7afb05f25628b29b9055a09fd975fc7891120a709aeca4455a4d1d0ab5de94981

                  Download Submit

                • C:\Users\Admin\Documents\RevokeExport.xlsx.krampus
                  Filesize

                  1.6MB

                  MD5

                  8890bd6baa17ac065fa8f6fd011aef2a

                  SHA1

                  ed684ec392cdf3a25a231c45b9be6d6db873ccb2

                  SHA256

                  c500e610568c7e675d7721419a05b7c64dda5bf5096b0982650ff2ed780b00f7

                  SHA512

                  74001c3efcbb526a13cb6800499b8eef874261c922b24f90391e031b111a3197cc195730c5ab56ec0175a129d75c2735bf9c81bd3559efe4bef91999c33169bc

                  Download Submit

                • C:\Users\Admin\Documents\SaveDisable.docx.krampus
                  Filesize

                  48KB

                  MD5

                  476a84bf4410e94e19be29d6e4e79fb0

                  SHA1

                  78841621bc51a642a2f26a099aba488c42bde16a

                  SHA256

                  1be31dddba13d8d64dc4956bb98b01574372635c6ed630789417e43f08ae1656

                  SHA512

                  07038be2d58d8ef64570f05f7272529e2836b944d3701d5b3428c5768fb3806068e5a75e9593f78de2469a9d2720349fa83fa5afb1079e479043ad4de579479c

                  Download Submit

                • C:\Users\Admin\Documents\StopPublish.docx.krampus
                  Filesize

                  45KB

                  MD5

                  d981fd2ec5752f713fca5aec1de78627

                  SHA1

                  a70a97039c6622f4e95c6eecb95dda256f65c6e9

                  SHA256

                  560a082cf5b1f73c26a95ac568f8277d505dd2c49be8365cdd2df9e607d8d59a

                  SHA512

                  7e9715bacf63546344b39bd3f1c38c1b17c8fbeeb10c8637d31450bba2506ca39e4da276ef0a34867109348eb5fc95fa8da1ab39819f149501acc1310350bef8

                  Download Submit

                • C:\Users\Admin\Documents\SwitchGroup.xlsx.krampus
                  Filesize

                  1.4MB

                  MD5

                  78edd76b490ead558e31aded507107bb

                  SHA1

                  d4f39debcecfa79f63d101acefa52c6ebe5cbbf7

                  SHA256

                  213542ddcc4481b2a700dd6db668b38c890dc112b897fb6dfa4002dd7dac9f31

                  SHA512

                  9aab773b8d32efc0068ddaa171471d80570f83b8ca33777eec51516874e975d7343013d320e54f380e0b91b22b4dafa5a4f983dfbb00961e51818135f99dfaf1

                  Download Submit

                • C:\Users\Admin\Documents\UnprotectMount.docx.krampus
                  Filesize

                  36KB

                  MD5

                  bb753c732e3c1b8e4af39f3e71eba962

                  SHA1

                  de4295909fb317f8e40d8c16b2d28045b6626660

                  SHA256

                  6c16816f89ed1cd7cac5d3d5eb626d57d1f47f64c8b7fba29c0007eda9659f10

                  SHA512

                  2324f5a8dcaa8d32b3d1bea60f11d0f1d6a3333ff4527ef049eaf998489b2b95a03987aaea0b2710c65ed2edc047a726327018068e24d8bf652edecf8adf9e79

                  Download Submit