arkei | 12a7ab5eb9471f367e2ec552a31ec7e1a0861bdb0eab1aa4407ab8f17db98a17 | Triage

Analysis

max time kernel
71s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
18-06-2022 07:25

Sharing

Report Analysis Logs

General

Target

1892-54-0x0000000000400000-0x000000000043D000-memory.exe
Size

244KB
MD5

b6856300dead6b88a4c7f18beada37be
SHA1

7548e99573dcd8edd67dfe201853e9d41c511fda
SHA256

12a7ab5eb9471f367e2ec552a31ec7e1a0861bdb0eab1aa4407ab8f17db98a17
SHA512

6e531aa3b56d5c6921ba4c9a5957a2ee928a269819995544788ef09cdfa6b432714b4ca063b4266bc69500fb0a4a90b4bb3946e1a76d9c58c8afb0c0037607d0

Score

10^/10

arkei stealer

Malware Config

Signatures

Arkei
Arkei is an infostealer written in C++.
stealer arkei
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4072 4480 WerFault.exe 1892-54-0x0000000000400000-0x000000000043D000-memory.exe

C:\Users\Admin\AppData\Local\Temp\1892-54-0x0000000000400000-0x000000000043D000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1892-54-0x0000000000400000-0x000000000043D000-memory.exe"
1⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
2⤵
- Program crash
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4480 -ip 4480
1⤵
PID:3708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4480-130-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download