Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-02-2024 03:16

General

  • Target

    Akiserver/Aki_Data/Server/configs/airdrop.json

  • Size

    15KB

  • MD5

    d857ea1faf95d29af60c712a176d3214

  • SHA1

    80d9f3f34b3d6444432a1d0d5ffc5c0f7b54850a

  • SHA256

    fe252c2ec8f211e4d7502b91e8d5a2fa2e9a523b70b9d2650520ab0e56b6ac7b

  • SHA512

    fab25fe80e90431aecd46c25c68097c2b9cca618359a1b0e7af3e8fb0ad0d39af926a38cff6fcbcb6e715596327fef4570bcf334f79b2d928f008aef7040d3b5

  • SSDEEP

    192:l6wWLdNfA9rleTrLdNtO9llq4zLdwleTAALdyleTg:lL2dN6pu/dNunq4ndAuAYdmug

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Akiserver\Aki_Data\Server\configs\airdrop.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Akiserver\Aki_Data\Server\configs\airdrop.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2540
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Akiserver\Aki_Data\Server\configs\airdrop.json"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2724

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    4f4d8fe9b46ef684d2a7a7560aea4621

    SHA1

    0cfa3fc73db4ddfd2b41b7caec7497586d38b41c

    SHA256

    2bf035c16038d6fc466020613a62e3eb2391bb4374bd3575ce4684d73a6ad1d3

    SHA512

    388ac3814488496deb15a8f702976be1f1089e8b3ddc44570527b0a01fa0cc6735ed2026b9638aa9b4d2ad6071f7afa56a9d58d93056de9ef679a061bfdb0e12