Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-01-2024 03:37

General

  • Target

    "AKL.exe

  • Size

    218KB

  • MD5

    780bdf7f767d8a85f1844721cd0077fa

  • SHA1

    1ad480226e8532edda9909030cadac61c9a22ba1

  • SHA256

    39f0a4980627c596514e51a540d4e721c8f1bf3d0c9e69abc8b3f11f7c4b9314

  • SHA512

    6d68ac87d611ca8dc3869438346681782df17f70128200edc35a82defc966da2597aaf4416bbd4a7f7b34b5ca424491bf4c4b7148aea02502242519b0c8e0577

  • SSDEEP

    3072:P+efErpiiTTYBA63HxDzIzb6xl7KhnftzEdJZktpFAwl+DLNeIb:PBfKTEb39czbQtKCyrCTMI

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\_AKL.exe
    "C:\Users\Admin\AppData\Local\Temp\_AKL.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads