Overview

overview

10

Static

static

10

AnkaBotPC_...ot.exe

windows7-x64

1

AnkaBotPC_...ot.exe

windows10-2004-x64

7

AnkaBotPC_...er.exe

windows7-x64

1

AnkaBotPC_...er.exe

windows10-2004-x64

1

AnkaBotPC_...xy.exe

windows7-x64

5

AnkaBotPC_...xy.exe

windows10-2004-x64

5

AnkaBotPC_...er.exe

windows7-x64

1

AnkaBotPC_...er.exe

windows10-2004-x64

1

AnkaBotPC_...on.exe

windows7-x64

1

AnkaBotPC_...on.exe

windows10-2004-x64

1

AnkaBotPC_...m.html

windows7-x64

1

AnkaBotPC_...m.html

windows10-2004-x64

1

AnkaBotPC_...47.dll

windows7-x64

3

AnkaBotPC_...47.dll

windows10-2004-x64

3

AnkaBotPC_...eg.dll

windows7-x64

1

AnkaBotPC_...eg.dll

windows10-2004-x64

1

AnkaBotPC_...GL.dll

windows7-x64

1

AnkaBotPC_...GL.dll

windows10-2004-x64

1

AnkaBotPC_...v2.dll

windows7-x64

3

AnkaBotPC_...v2.dll

windows10-2004-x64

3

AnkaBotPC_...GL.dll

windows7-x64

1

AnkaBotPC_...GL.dll

windows10-2004-x64

1

AnkaBotPC_...v2.dll

windows7-x64

1

AnkaBotPC_...v2.dll

windows10-2004-x64

1

AnkaBotPC_...er.dll

windows7-x64

3

AnkaBotPC_...er.dll

windows10-2004-x64

3

AnkaBotPC_...-1.dll

windows7-x64

3

AnkaBotPC_...-1.dll

windows10-2004-x64

3

AnkaBotPC_...ss.exe

windows7-x64

10

AnkaBotPC_...ss.exe

windows10-2004-x64

10

AnkaBotPC_...er.dll

windows7-x64

1

AnkaBotPC_...er.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    139s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-02-2023 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnkaBotPC_4.0.5/AnkaBotPC/Application/Application.exe

  • Size

    117.7MB

  • MD5

    6992783cbf3e0fd73125dc914f75995b

  • SHA1

    070a2d9b2bc21d211e57b4cbe974227aaa25c502

  • SHA256

    1ed51d74a767ef74d7f4ee791ab0cbc5934fbe44e29e0bce16fa2475366194fb

  • SHA512

    4d46570d838d5325bead5b8471b462e3c3c1905606b626f629b783fc4e3ca249e14fc5473473e1f5ac710bc6d067b3f6d9d4e39819c0bde9273b92e1147bf80d

  • SSDEEP

    1572864:2qkzM44nKULV6HvwkHGZVFb729C/qADtB9yvdRJ1slE0Y3oHg8B+U7Hxwr0F2tEm:zTnE9aPorLM9faLTKe6iS+

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 47 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe
    "C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:828
    • C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe
      "C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe" --type=gpu-process --field-trial-handle=1524,4419252854426637923,18387840814553173218,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Application" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 /prefetch:2
      2⤵
        PID:4348
      • C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe
        "C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,4419252854426637923,18387840814553173218,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --proxy-server --user-data-dir="C:\Users\Admin\AppData\Roaming\Application" --mojo-platform-channel-handle=1868 /prefetch:8
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2468
      • C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe
        "C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe" --type=gpu-process --field-trial-handle=1524,4419252854426637923,18387840814553173218,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Application" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 /prefetch:2
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1352
    • C:\Windows\System32\CompPkgSrv.exe
      C:\Windows\System32\CompPkgSrv.exe -Embedding
      1⤵
        PID:2564

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1352-136-0x0000000000000000-mapping.dmp

        Download

      • memory/2468-134-0x0000000000000000-mapping.dmp

        Download

      • memory/4348-133-0x0000000000000000-mapping.dmp

        Download