Overview

overview

10

Static

static

10

AnkaBotPC_...ot.exe

windows7-x64

1

AnkaBotPC_...ot.exe

windows10-2004-x64

7

AnkaBotPC_...er.exe

windows7-x64

1

AnkaBotPC_...er.exe

windows10-2004-x64

1

AnkaBotPC_...xy.exe

windows7-x64

5

AnkaBotPC_...xy.exe

windows10-2004-x64

5

AnkaBotPC_...er.exe

windows7-x64

1

AnkaBotPC_...er.exe

windows10-2004-x64

1

AnkaBotPC_...on.exe

windows7-x64

1

AnkaBotPC_...on.exe

windows10-2004-x64

1

AnkaBotPC_...m.html

windows7-x64

1

AnkaBotPC_...m.html

windows10-2004-x64

1

AnkaBotPC_...47.dll

windows7-x64

3

AnkaBotPC_...47.dll

windows10-2004-x64

3

AnkaBotPC_...eg.dll

windows7-x64

1

AnkaBotPC_...eg.dll

windows10-2004-x64

1

AnkaBotPC_...GL.dll

windows7-x64

1

AnkaBotPC_...GL.dll

windows10-2004-x64

1

AnkaBotPC_...v2.dll

windows7-x64

3

AnkaBotPC_...v2.dll

windows10-2004-x64

3

AnkaBotPC_...GL.dll

windows7-x64

1

AnkaBotPC_...GL.dll

windows10-2004-x64

1

AnkaBotPC_...v2.dll

windows7-x64

1

AnkaBotPC_...v2.dll

windows10-2004-x64

1

AnkaBotPC_...er.dll

windows7-x64

3

AnkaBotPC_...er.dll

windows10-2004-x64

3

AnkaBotPC_...-1.dll

windows7-x64

3

AnkaBotPC_...-1.dll

windows10-2004-x64

3

AnkaBotPC_...ss.exe

windows7-x64

10

AnkaBotPC_...ss.exe

windows10-2004-x64

10

AnkaBotPC_...er.dll

windows7-x64

1

AnkaBotPC_...er.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    174s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    15-02-2023 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnkaBotPC_4.0.5/AnkaBotPC/Application/Application.exe

  • Size

    117.7MB

  • MD5

    6992783cbf3e0fd73125dc914f75995b

  • SHA1

    070a2d9b2bc21d211e57b4cbe974227aaa25c502

  • SHA256

    1ed51d74a767ef74d7f4ee791ab0cbc5934fbe44e29e0bce16fa2475366194fb

  • SHA512

    4d46570d838d5325bead5b8471b462e3c3c1905606b626f629b783fc4e3ca249e14fc5473473e1f5ac710bc6d067b3f6d9d4e39819c0bde9273b92e1147bf80d

  • SSDEEP

    1572864:2qkzM44nKULV6HvwkHGZVFb729C/qADtB9yvdRJ1slE0Y3oHg8B+U7Hxwr0F2tEm:zTnE9aPorLM9faLTKe6iS+

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe
    "C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:240
    • C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe
      "C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe" --type=gpu-process --field-trial-handle=996,12874517591789078444,7237405156497955841,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Application" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
      2⤵
        PID:1008
      • C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe
        "C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=996,12874517591789078444,7237405156497955841,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --proxy-server --user-data-dir="C:\Users\Admin\AppData\Roaming\Application" --mojo-platform-channel-handle=1204 /prefetch:8
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:288
      • C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe
        "C:\Users\Admin\AppData\Local\Temp\AnkaBotPC_4.0.5\AnkaBotPC\Application\Application.exe" --type=gpu-process --field-trial-handle=996,12874517591789078444,7237405156497955841,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Application" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1064 /prefetch:2
        2⤵
          PID:1872

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/240-55-0x00000000753C1000-0x00000000753C3000-memory.dmp
        Filesize

        8KB

        Download
      • memory/288-89-0x0000000000000000-mapping.dmp
        Download
      • memory/1008-87-0x0000000000000000-mapping.dmp
        Download
      • memory/1872-125-0x0000000000000000-mapping.dmp
        Download