728a6c56e86e049d7b1a5b3aa1826b0b43db2c4a5817ff17bb6dd5cc4e4f0f9a

Analysis

max time kernel
142s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 05:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Anti-AFK/Anti-AFK.exe
Size

634KB
MD5

320e45622e82f3fd32409b68f84a3848
SHA1

6a03a6332c5c2d58bbd09bd0dbef1d6cb14f5d3e
SHA256

c806df9ac627f98bd90e782e6643406389fa45513345d4cc31e647ae54fe280f
SHA512

c741ff613ce447e8f95c0603a65e913691376ccbdc74c6f42c1f039bc9ee0107cd332ca48f054cadbaa5ab3cfb208db8b6e4ba522f544cacde90ffd2267927e0
SSDEEP

12288:UjkArEN249AyE/rbaMct4bO2/VK5Por0q5hhD4msell2n:3FE//Tct4bOsk9Yf5hhselgn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/memory/1680-0-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/1680-1-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/1680-2-0x0000000000400000-0x000000000056A000-memory.dmp	upx

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral3/memory/1680-1-0x0000000000400000-0x000000000056A000-memory.dmp	autoit_exe
behavioral3/memory/1680-2-0x0000000000400000-0x000000000056A000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1680	Anti-AFK.exe
1680	Anti-AFK.exe
1680	Anti-AFK.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1680	Anti-AFK.exe
1680	Anti-AFK.exe
1680	Anti-AFK.exe

C:\Users\Admin\AppData\Local\Temp\Anti-AFK\Anti-AFK.exe
"C:\Users\Admin\AppData\Local\Temp\Anti-AFK\Anti-AFK.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-0-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/1680-1-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/1680-2-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download