Overview

overview

7

Static

static

3

AION CFG EDITOR.exe

windows7-x64

4

AION CFG EDITOR.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 13:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    AION CFG EDITOR.exe

  • Size

    8.7MB

  • MD5

    6847571497e49c5151a10d8c0738f334

  • SHA1

    90127356b1ba2bc3caee424e1bd529e8bcc94528

  • SHA256

    11f96a7a3d399070035739769fc8aca5a51dbd2896cb12e875cae3e0a43866c0

  • SHA512

    ffabb76cc73912ad2cbaa62ce31118806bf3287108e935e5899f701d46c25f85d8de2ab9b497728a0bdaf629831346d270cd57b6f7dfaafad1853d2cdf015145

  • SSDEEP

    196608:gvw0TykZE+/r2UuU/KTD/avqkFFdizuSTZkMoEp:g1Gk3r2UuU/KTTyJSZP

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 31 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AION CFG EDITOR.exe
    "C:\Users\Admin\AppData\Local\Temp\AION CFG EDITOR.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:3024

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\evb6FEB.tmp
          Filesize

          1KB

          MD5

          e0a3123905f637f7206af2e2f1e52714

          SHA1

          1d19c0b448974555650d3008ec079cf92c94d59e

          SHA256

          d0d0d9208b87219bb16c92f468728ae3e73816d5d06f7eaa8bbb89458c0c42c2

          SHA512

          aa03865b0d7ae0cd164fcd3e937d8d67588ef8e2beb49e718301b77cbecb054d2c6daf957e5ecd29105f1f7685fd94210bddb459c48f4c939b868708941f2c8a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\evb70CB.tmp
          Filesize

          1KB

          MD5

          9d5e81a45483cbbdddd16cb8484af261

          SHA1

          979081a8eeb120c4c8960e27ca9ec168f04d6a32

          SHA256

          0dce840424a2c57902032a158c40e2cd25e3aa133503a6bf8d22833fbe452be5

          SHA512

          e507b5eba9d9f73e012c220c54263f8ee5ffc697716376917558a09d00ded2652e583277259a4916766967254fac1bd90dd1e0a214a57aac7dd12e6addce29e2

          Download Submit

        • memory/3024-0-0x0000000000400000-0x000000000044C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3024-2-0x0000000077B50000-0x0000000077B51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3024-5-0x0000000010000000-0x0000000011149000-memory.dmp

          Filesize

          17.3MB

          Download

        • memory/3024-4-0x0000000010000000-0x0000000011149000-memory.dmp

          Filesize

          17.3MB

          Download

        • memory/3024-14-0x0000000000380000-0x00000000003ED000-memory.dmp

          Filesize

          436KB

          Download

        • memory/3024-13-0x0000000000380000-0x00000000003ED000-memory.dmp

          Filesize

          436KB

          Download

        • memory/3024-18-0x00000000005E0000-0x00000000005F4000-memory.dmp

          Filesize

          80KB

          Download

        • memory/3024-17-0x00000000005E0000-0x00000000005F4000-memory.dmp

          Filesize

          80KB

          Download

        • memory/3024-24-0x0000000002220000-0x0000000002338000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3024-22-0x00000000003F0000-0x00000000003F4000-memory.dmp

          Filesize

          16KB

          Download

        • memory/3024-26-0x0000000002220000-0x0000000002338000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3024-33-0x0000000000600000-0x0000000000603000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-34-0x0000000000820000-0x0000000000823000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-38-0x0000000000830000-0x0000000000833000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-44-0x0000000002340000-0x0000000002343000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-43-0x0000000000400000-0x000000000044C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3024-41-0x0000000000840000-0x0000000000843000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-65-0x00000000023B0000-0x00000000023B5000-memory.dmp

          Filesize

          20KB

          Download

        • memory/3024-66-0x0000000002350000-0x0000000002353000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-70-0x00000000023C0000-0x00000000023C5000-memory.dmp

          Filesize

          20KB

          Download

        • memory/3024-71-0x00000000023D0000-0x00000000023D3000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-64-0x00000000023A0000-0x00000000023A3000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-63-0x0000000002390000-0x0000000002394000-memory.dmp

          Filesize

          16KB

          Download

        • memory/3024-62-0x0000000002380000-0x0000000002384000-memory.dmp

          Filesize

          16KB

          Download

        • memory/3024-61-0x0000000002370000-0x0000000002373000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-75-0x0000000000380000-0x00000000003ED000-memory.dmp

          Filesize

          436KB

          Download

        • memory/3024-78-0x00000000005E0000-0x00000000005F4000-memory.dmp

          Filesize

          80KB

          Download

        • memory/3024-82-0x0000000002400000-0x0000000002403000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-85-0x0000000002220000-0x0000000002338000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3024-79-0x00000000023F0000-0x00000000023F3000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-77-0x00000000023E0000-0x00000000023E3000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-59-0x0000000002360000-0x0000000002364000-memory.dmp

          Filesize

          16KB

          Download

        • memory/3024-58-0x0000000010000000-0x0000000011149000-memory.dmp

          Filesize

          17.3MB

          Download

        • memory/3024-86-0x0000000002410000-0x0000000002413000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3024-89-0x0000000002640000-0x0000000002671000-memory.dmp

          Filesize

          196KB

          Download

        • memory/3024-91-0x0000000002640000-0x0000000002671000-memory.dmp

          Filesize

          196KB

          Download

        • memory/3024-93-0x0000000002550000-0x0000000002551000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3024-97-0x0000000003B00000-0x0000000003C3E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3024-96-0x0000000003B00000-0x0000000003C3E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3024-102-0x0000000003B00000-0x0000000003C3E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3024-106-0x0000000000400000-0x000000000044C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3024-107-0x0000000010000000-0x0000000011149000-memory.dmp

          Filesize

          17.3MB

          Download

        • memory/3024-111-0x0000000002220000-0x0000000002338000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3024-109-0x00000000005E0000-0x00000000005F4000-memory.dmp

          Filesize

          80KB

          Download

        • memory/3024-131-0x0000000003B00000-0x0000000003C3E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3024-130-0x0000000002640000-0x0000000002671000-memory.dmp

          Filesize

          196KB

          Download

        • memory/3024-108-0x0000000000380000-0x00000000003ED000-memory.dmp

          Filesize

          436KB

          Download

        • memory/3024-133-0x0000000010000000-0x0000000011149000-memory.dmp

          Filesize

          17.3MB

          Download

        • memory/3024-158-0x0000000002640000-0x0000000002671000-memory.dmp

          Filesize

          196KB

          Download

        • memory/3024-159-0x0000000003B00000-0x0000000003C3E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3024-160-0x0000000005DD0000-0x0000000005DD1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3024-241-0x0000000000380000-0x00000000003ED000-memory.dmp

          Filesize

          436KB

          Download

        • memory/3024-240-0x0000000000400000-0x000000000044C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3024-242-0x00000000005E0000-0x00000000005F4000-memory.dmp

          Filesize

          80KB

          Download

        • memory/3024-243-0x0000000002220000-0x0000000002338000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3024-244-0x0000000010000000-0x0000000011149000-memory.dmp

          Filesize

          17.3MB

          Download

        • memory/3024-246-0x0000000003B00000-0x0000000003C3E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3024-245-0x0000000002640000-0x0000000002671000-memory.dmp

          Filesize

          196KB

          Download