Analysis
-
max time kernel
171s -
max time network
186s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
12/05/2022, 16:25
General
-
Target
ghjkl.exe
-
Size
100KB
-
MD5
c7a310982da68b10360854f9cd78e718
-
SHA1
60140c28e0b7db797a771c2dee081fa3812246db
-
SHA256
df4876573295b4e7beb618db31a015ea617f61b811978bb168d432c4052f7731
-
SHA512
6747fa3f7637922eeaa0feeb25d430dc6ab66fd9f3d22e7e5fd16bad9b75528a8174c34a8baf681950b64e8cdaa6a14e37633592e843c363e75468622ebd2ec3
Score
10/10
Malware Config
Extracted
Family
arkei
Botnet
Default
Signatures
-
Arkei
Arkei is an infostealer written in C++.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ghjkl.exe"C:\Users\Admin\AppData\Local\Temp\ghjkl.exe"1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
120KB
-
Filesize
5.6MB
-
Filesize
584KB
-
Filesize
40KB