Overview

overview

5

Static

static

3

alkad.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    35s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2024, 12:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    alkad.exe

  • Size

    3.7MB

  • MD5

    cc35fa8550f2c178d0da4626b780ddf4

  • SHA1

    d716cbf567c3844fe9fcbce1ea0581d1e4d71a58

  • SHA256

    7a8cbaf7d7d5d3572ac4facf1b58454778bd017920e2b925ae7346d4177360a5

  • SHA512

    34299430227ede6ec6d6cbd23ee0e4dc480f71ad01d5f13927d2540c24814bc51aada96e332e43f88676f44caae1351d822b0b52e5137b5b8174731203c2af4c

  • SSDEEP

    98304:7uV68y0ibQPfKcoLypI/fVuSLltBTMhe0rfYxP3B8qb:iVzPfJ7IDLVMhBfCz

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\alkad.exe
    "C:\Users\Admin\AppData\Local\Temp\alkad.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4816
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\alkad.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1188
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\alkad.exe" MD5
        3⤵
          PID:2456
        • C:\Windows\system32\find.exe
          find /i /v "md5"
          3⤵
            PID:3468
          • C:\Windows\system32\find.exe
            find /i /v "certutil"
            3⤵
              PID:1492

        Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/4816-0-0x00000001400D8000-0x0000000140368000-memory.dmp

                Filesize

                2.6MB

                Download

              • memory/4816-6-0x0000000140000000-0x0000000140719000-memory.dmp

                Filesize

                7.1MB

                Download

              • memory/4816-1-0x00007FFB97790000-0x00007FFB97792000-memory.dmp

                Filesize

                8KB

                Download

              • memory/4816-2-0x0000000140000000-0x0000000140719000-memory.dmp

                Filesize

                7.1MB

                Download

              • memory/4816-8-0x0000000140000000-0x0000000140719000-memory.dmp

                Filesize

                7.1MB

                Download

              • memory/4816-11-0x0000000002030000-0x0000000002031000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4816-12-0x0000000140000000-0x0000000140719000-memory.dmp

                Filesize

                7.1MB

                Download

              • memory/4816-16-0x00000001400D8000-0x0000000140368000-memory.dmp

                Filesize

                2.6MB

                Download

              • memory/4816-21-0x0000000140000000-0x0000000140719000-memory.dmp

                Filesize

                7.1MB

                Download

              • memory/4816-23-0x0000000140000000-0x0000000140719000-memory.dmp

                Filesize

                7.1MB

                Download

              • memory/4816-24-0x00000001400D8000-0x0000000140368000-memory.dmp

                Filesize

                2.6MB

                Download