Overview

overview

10

Static

static

10

2152-10-0x...ry.exe

windows7-x64

10

2152-10-0x...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-09-2023 16:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2152-10-0x0000000000400000-0x000000000043D000-memory.exe

  • Size

    244KB

  • MD5

    3c5af32d274203fe96f563a7c4ece766

  • SHA1

    d8505fbb37957c38e42570f9d59b549c0af95e91

  • SHA256

    9b5539e45eca744010fc08ef4359c849f930d52d94a60531a791f67e1fd9e2e9

  • SHA512

    3b9bbcf329aaf4814bb1522bdca93c52f84fb0e34c19ee8933f2c248de50ad450384f60962d64672758e79947c99e4a7477408b3be3c93600e4c9a421e3708f2

  • SSDEEP

    3072:Um/E8k9ZjpIn+zNch12KbAwSaSdJSp8pb8EG:N/E8k91rz6/tu8EG

Score
10/10
arkeistealer

Malware Config

Signatures

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2152-10-0x0000000000400000-0x000000000043D000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\2152-10-0x0000000000400000-0x000000000043D000-memory.exe"
    1⤵
      PID:3056
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:4504
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2844

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
        Filesize

        16KB

        MD5

        4c5bf652740d080fd2a10218804dba34

        SHA1

        dba5ba603f234ebd8d405672dc0968d836bd5ba0

        SHA256

        1e0626618edea698abf8041d25e6be3f02a01a948969f5671a1278b5fdcbf972

        SHA512

        11f5afd53619aba2ef6e53eaf3f379131fbe3a509d28be936984322c45eaa614116770e6e31b5d2d67145c394955817ce3c43f8306768468aed11dce5d051915

        Download Submit

      • memory/2844-42-0x000001C942F80000-0x000001C942F81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-69-0x000001C942DF0000-0x000001C942DF1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-41-0x000001C942F80000-0x000001C942F81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-34-0x000001C942F80000-0x000001C942F81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-35-0x000001C942F80000-0x000001C942F81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-36-0x000001C942F80000-0x000001C942F81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-37-0x000001C942F80000-0x000001C942F81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-38-0x000001C942F80000-0x000001C942F81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-39-0x000001C942F80000-0x000001C942F81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-43-0x000001C942F80000-0x000001C942F81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-33-0x000001C942F50000-0x000001C942F51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-17-0x000001C93A960000-0x000001C93A970000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2844-40-0x000001C942F80000-0x000001C942F81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-44-0x000001C942BA0000-0x000001C942BA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-45-0x000001C942B90000-0x000001C942B91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-47-0x000001C942BA0000-0x000001C942BA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-50-0x000001C942B90000-0x000001C942B91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-53-0x000001C942AD0000-0x000001C942AD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-1-0x000001C93A860000-0x000001C93A870000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2844-65-0x000001C942CD0000-0x000001C942CD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-67-0x000001C942CE0000-0x000001C942CE1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2844-68-0x000001C942CE0000-0x000001C942CE1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3056-0-0x0000000000400000-0x000000000043D000-memory.dmp

        Filesize

        244KB

        Download