Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-03-2024 02:37

General

  • Target

    AFKJourneyUninst.exe

  • Size

    4.1MB

  • MD5

    f2dc7d2733d165e77b62c68206aa2eee

  • SHA1

    67dcc9a09c4aed29e7563572a7aee145fcf6ac49

  • SHA256

    5aa20c035ad691041d9b5077b739238a4d061ea4e076fc5e019259ffa0e96045

  • SHA512

    dc06d87a983eafe3df320ed1a5ed16f9c9b1beb45192e7c3f33c40e477d865edec9635058786dc84928e5545b613afde4cc2161cb3e8283fc17877086d3f0e2a

  • SSDEEP

    98304:Go/xE2yLn8O7A0vOrcn/K/xFq0n3NvMCjwEK43ylc8d6ziVV:XxE2yDCIO9jPn3Zhj3w6ziVV

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\AFKJourneyUninst.exe
    "C:\Users\Admin\AppData\Local\Temp\AFKJourneyUninst.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1292
    • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2676

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\nst5775.tmp\NsLauncher.dll

    Filesize

    6.4MB

    MD5

    619afd4d3db1162e81a9b1d2613599e4

    SHA1

    8ff866c26e6dba79e9c6375173080aa3f632867a

    SHA256

    8dbe1d37ecba8ea3bd95ac17c51e57136fdca858d3393d8126f2e9c49c49d410

    SHA512

    ba13410e10e112568ee8c32416982ca754ad37079f26a6cefaabd70cb42d6a215cf0adc202c11bd74b3544f9d95445f637b50a6bd90b5698eee000929449c873

  • \Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

    Filesize

    4.1MB

    MD5

    f2dc7d2733d165e77b62c68206aa2eee

    SHA1

    67dcc9a09c4aed29e7563572a7aee145fcf6ac49

    SHA256

    5aa20c035ad691041d9b5077b739238a4d061ea4e076fc5e019259ffa0e96045

    SHA512

    dc06d87a983eafe3df320ed1a5ed16f9c9b1beb45192e7c3f33c40e477d865edec9635058786dc84928e5545b613afde4cc2161cb3e8283fc17877086d3f0e2a
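
Read together, the Processes tree and the Downloads list show the shape of an NSIS-built uninstaller: the submitted file writes a byte-identical copy of itself (all four digests match the target's) to ~nsuA.tmp\Un_A.exe and relaunches that copy with the _?=<dir> switch, which is the documented NSIS way of letting an uninstaller delete its original from the install directory, and it extracts a plugin (NsLauncher.dll) into an ns....tmp directory. The "Executes dropped EXE" and "Loads dropped DLL" hits are therefore the uninstaller's own mechanics rather than evidence of a second payload, which is consistent with the 4/10 score. The script below is an added triage helper, not part of the report or of the sandbox: the data classes, function names and regular expressions are mine (the plugin-directory pattern is an assumption), the report itself never names NSIS, and the hashes, paths, PIDs and command lines are copied from the report above. It checks the relaunch pattern and compares every digest independently, so a dropped file that matches on MD5 but not on SHA-256 is flagged instead of being silently treated as a copy.

```python
# Added triage helper for the report above (not part of the sandbox output).
# Names, data classes and regexes are mine; hashes, paths, PIDs and command lines
# are copied from the report. The ~nsuX.tmp\Un_A.exe + "_?=<dir>" pattern is the
# documented NSIS uninstaller relaunch; the report itself does not name NSIS.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int] = None

@dataclass(frozen=True)
class FileRecord:
    path: str
    md5: str
    sha1: str
    sha256: str
    sha512: str

    def digests(self) -> Dict[str, str]:
        return {k: getattr(self, k).lower() for k in ("md5", "sha1", "sha256", "sha512")}

# Relaunched uninstaller copy lives at %TEMP%\~nsu<char>.tmp\Un_A.exe
RELAUNCH_IMAGE = re.compile(r"\\~nsu[0-9a-z]\.tmp\\un_a\.exe$", re.IGNORECASE)
# NSIS requires _?=<dir> to be the last argument, so capture to end of line
INSTDIR_SWITCH = re.compile(r"\s_\?=(.+)$")
# Plugin-extraction dir ns<char><hex>.tmp (assumed shape; matches nst5775.tmp above)
PLUGIN_DIR = re.compile(r"\\ns[a-z][0-9a-f]{1,4}\.tmp\\", re.IGNORECASE)

def find_nsis_relaunch(procs: List[Proc]) -> List[Dict[str, Optional[str]]]:
    """Parent/child pairs where the child is an NSIS uninstaller relaunch."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for child in procs:
        m = INSTDIR_SWITCH.search(child.cmdline)
        if child.parent is None or not m or not RELAUNCH_IMAGE.search(child.image):
            continue  # Un_A.exe without _?= is not the standard relaunch: review by hand
        parent = by_pid.get(child.parent)
        hits.append({"parent": parent.image if parent else None,
                     "child": child.image, "instdir": m.group(1)})
    return hits

def compare_digests(sample: FileRecord, dropped: FileRecord) -> str:
    """Compare all four digests independently; partial agreement is a red flag."""
    a, b = sample.digests(), dropped.digests()
    matching = [k for k in a if a[k] == b[k]]
    if len(matching) == len(a):
        return "identical_copy"
    if not matching:
        return "distinct_binary"
    return "digest_mismatch"  # e.g. MD5 equal but SHA-256 not: bad report or collision

def classify_location(path: str) -> str:
    if RELAUNCH_IMAGE.search(path):
        return "nsis_relaunch_copy"
    if PLUGIN_DIR.search(path):
        return "nsis_plugin_dir"
    return "other"

def triage(sample: FileRecord, procs: List[Proc], drops: List[FileRecord]) -> dict:
    return {"relaunch": find_nsis_relaunch(procs),
            "drops": {d.path: {"digests": compare_digests(sample, d),
                               "location": classify_location(d.path)} for d in drops}}

SAMPLE = FileRecord("AFKJourneyUninst.exe", "f2dc7d2733d165e77b62c68206aa2eee",
    "67dcc9a09c4aed29e7563572a7aee145fcf6ac49",
    "5aa20c035ad691041d9b5077b739238a4d061ea4e076fc5e019259ffa0e96045",
    "dc06d87a983eafe3df320ed1a5ed16f9c9b1beb45192e7c3f33c40e477d865ed"
    "ec9635058786dc84928e5545b613afde4cc2161cb3e8283fc17877086d3f0e2a")
UN_A = "\\Users\\Admin\\AppData\\Local\\Temp\\~nsuA.tmp\\Un_A.exe"
NSLAUNCHER = "\\Users\\Admin\\AppData\\Local\\Temp\\nst5775.tmp\\NsLauncher.dll"
DROPS = [
    FileRecord(NSLAUNCHER, "619afd4d3db1162e81a9b1d2613599e4",
        "8ff866c26e6dba79e9c6375173080aa3f632867a",
        "8dbe1d37ecba8ea3bd95ac17c51e57136fdca858d3393d8126f2e9c49c49d410",
        "ba13410e10e112568ee8c32416982ca754ad37079f26a6cefaabd70cb42d6a21"
        "5cf0adc202c11bd74b3544f9d95445f637b50a6bd90b5698eee000929449c873"),
    FileRecord(UN_A, "f2dc7d2733d165e77b62c68206aa2eee",
        "67dcc9a09c4aed29e7563572a7aee145fcf6ac49",
        "5aa20c035ad691041d9b5077b739238a4d061ea4e076fc5e019259ffa0e96045",
        "dc06d87a983eafe3df320ed1a5ed16f9c9b1beb45192e7c3f33c40e477d865ed"
        "ec9635058786dc84928e5545b613afde4cc2161cb3e8283fc17877086d3f0e2a"),
]
TEMP = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"
PROCS = [
    Proc(1292, TEMP + "AFKJourneyUninst.exe", '"' + TEMP + 'AFKJourneyUninst.exe"'),
    Proc(2676, TEMP + "~nsuA.tmp\\Un_A.exe",
         '"' + TEMP + '~nsuA.tmp\\Un_A.exe" _?=' + TEMP, parent=1292),
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE, PROCS, DROPS), indent=2))
```

On this report the helper reports one relaunch (PID 1292 launching PID 2676 with the Temp directory as $INSTDIR), classifies Un_A.exe as an identical copy in the relaunch location and NsLauncher.dll as a distinct binary in a plugin directory. The plugin DLL is the one dropped file whose hashes are not already on the page's General tab, so it is the artifact to look up separately.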