Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2024 05:57

General

  • Target

    3c0ff1476f4da58cc85553ab15fa03cc.exe

  • Size

    100KB

  • MD5

    3c0ff1476f4da58cc85553ab15fa03cc

  • SHA1

    b74fc29e44fd167f17f8e75f74bbc8fe1cf35d0e

  • SHA256

    386cb4a88b5c465c29db7093db94fe6b8e30bb41c2d994569b1fc05d9b1b82d2

  • SHA512

    ee9542916a4411dd035618c71c5407f249d2e02dbe2b979b9cfd69960bd41402d0f9edf9af61a50b4ecd75eeb3da8d896654a70fa46426690ca8926e0697061f

  • SSDEEP

    1536:TGnHF3PKBF8cRjz1HR9HlKGDnIiRlgrquiZ7HxGIo3/e7pKGPXlagvH0Lraw3Rpl:TGnHF3P8u4VpDL/laSUjGU6xr9r0

Score
10/10

Malware Config

Signatures

  • Arkei

    Arkei is an infostealer written in C++.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c0ff1476f4da58cc85553ab15fa03cc.exe
    "C:\Users\Admin\AppData\Local\Temp\3c0ff1476f4da58cc85553ab15fa03cc.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\Users\Admin\AppData\Local\Temp\ssqq.exe
      "C:\Users\Admin\AppData\Local\Temp\ssqq.exe"
      2⤵
      • Executes dropped EXE
      PID:1744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1212-0-0x0000000000B50000-0x0000000000B70000-memory.dmp

    Filesize

    128KB

  • memory/1212-2-0x000007FEF52F0000-0x000007FEF5CDC000-memory.dmp

    Filesize

    9.9MB

  • memory/1212-9-0x000007FEF52F0000-0x000007FEF5CDC000-memory.dmp

    Filesize

    9.9MB