Overview

overview

10

Static

static

10

1052-54-0x...ry.exe

windows7-x64

10

1052-54-0x...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-03-2023 07:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1052-54-0x0000000000400000-0x000000000043D000-memory.exe

  • Size

    244KB

  • MD5

    1a72bc03323d127a89d6a92f150fdac5

  • SHA1

    1425f54aa483cbba77bc0ad31c401ff8f272f58c

  • SHA256

    d9c859123bb7c150ae7576e55e4b1639988912641d5882f247a9666999584c2b

  • SHA512

    59b61134fd2a980cdcabde571fcba86d96416d77a1093f83966b76296e0fc0aa9b077a70cc8294025816cf3e2cc3d15e209b95733df3f72eb6470a06f3ca12c0

  • SSDEEP

    1536:UYz/E8hW9NdYAygNlvhIoOl9SAKD7PNch1ZmmImh1ADN8blGe5SagvHLNaV86J3n:Um/E8k9ZjpIL+zNch12KbAwSaSyJSp8

Score
10/10
arkeistealer

Malware Config

Signatures

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1052-54-0x0000000000400000-0x000000000043D000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\1052-54-0x0000000000400000-0x000000000043D000-memory.exe"
    1⤵
      PID:564
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 216
        2⤵
        • Program crash
        PID:2776
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 564 -ip 564
      1⤵
        PID:632

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/564-133-0x0000000000400000-0x000000000043D000-memory.dmp

        Filesize

        244KB

        Download