Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 29/05/2024, 07:09
Behavioral tasks
behavioral1: sample AAFK.exe, resource win7-20231129-en
behavioral2: sample AAFK.exe, resource win10v2004-20240508-en
behavioral3: sample AAFK.pyc, resource win7-20240221-en
behavioral4: sample AAFK.pyc, resource win10v2004-20240508-en
General
Target: AAFK.exe
Size: 5.1MB
MD5: 86b3ed4317515d38a15c5098892e2b7c
SHA1: 02b6d6fd1b068f9dbd99962f149100552d59b8a0
SHA256: c46467e9766eda6141c54e4306f6eff0417cb24c7a56c96834c83b3bb95f1369
SHA512: eb0cac4b7db1823f1f1c3acc81ca82e1ef4e5519a4b41dc3da66d28f9971da2c8cd2a9b6074fd84fcf59e0dd1df98686e6dbb995ab7077e95a78def5313c6239
SSDEEP: 98304:0UfMnCZFpDPvdIWXe+q2WWmQNfTBBGzQuKLQ59PzNYMwbUUQRICgBUfqzR:0cdZfDnd9e+q2WWmQNLBBGZlrOZUUMIR
Malware Config
Signatures
Loads dropped DLL (7 IoCs)
  pid   Process
  3032  AAFK.exe   (this row is repeated 7 times, one per loaded DLL)

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description  pid   Process
  Token: 35    3032  AAFK.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process   procid_target
  PID 2392 wrote to memory of 3032  2392  AAFK.exe  29   (this row is repeated 3 times)
Processes
1. C:\Users\Admin\AppData\Local\Temp\AAFK.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\AAFK.exe"
   PID: 2392
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\AAFK.exe (child of process 1)
      Command line: "C:\Users\Admin\AppData\Local\Temp\AAFK.exe"
      PID: 3032
      Signatures: Loads dropped DLL; Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1KB
MD5: 23c05a628bf3ab7fea10d3b003b2a361
SHA1: bb453b9f9a1acf85d9c28bac0ab9bc61aa915389
SHA256: 822b987aca05525d355da813d7310c495b74332372dc9a72e71ecf9dc6d96e64
SHA512: e5d39d019dc4bf530ab442486c7b4920e72bac4bc1dd23b6b8962ee83e92fea0d7cef541dc946c5cde86e8549491a35470946656dd745138201aa9f5482df499

Filesize: 87KB
MD5: 0e675d4a7a5b7ccd69013386793f68eb
SHA1: 6e5821ddd8fea6681bda4448816f39984a33596b
SHA256: bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1
SHA512: cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Filesize: 38KB
MD5: d61618c28373d7bbdf1dec7ec2b2b1c1
SHA1: 51f4bab84620752aedf7d71dcccb577ed518e9fd
SHA256: 33c4d06c91166db9ece6e6ad6b9fa1344316f995f7db268bf1b7f9c08ed3e6fb
SHA512: ca7ca581c8d8d67f43e7858d7b4859fec1228fd1ba6e63711d508c1ab3477a071d40090fdae6ec0c8d1445e15fbb2fc60154e32e03f8398056388f1148f920de

Filesize: 27KB
MD5: 3f536949d0fcae286b08f6a90d4c5198
SHA1: 04877dff7e8c994e4875a1b85b7388684b97da25
SHA256: 613c0fc66b1f2f8dccb47f24f1578137a99c5a62550719f0402f13337ad5c60a
SHA512: cd59a4a2d839dec513b912e33bd92281a0fdfe0a210ae972cce8b77347e000bb87c8074d8b8cbfeba75158f2b8f3d0669f778fccec0dec936f055616cedbbb4c

Filesize: 767KB
MD5: eb671d3503e4e9bb11d953bba80aa04f
SHA1: e8236e2bdca2b6cc889ed0e57dd6879c27685992
SHA256: ca3d2485651dd58e22924d2e3ff269400a325f363657eb2980353ae82b2476e2
SHA512: d203cc1e2c3e205277a3a659c2908b186fbd5041985b62ee45445fb1853cb213e333159e3704a1b64ac2be528a46c41a07dfa3893b5a7282ac85d7f70dc747d3

Filesize: 2.4MB
MD5: 8c75bca5ea3bea4d63f52369e3694d01
SHA1: a0c0fd3d9e5688d75386094979171dbde2ce583a
SHA256: 8513e629cd85a984e4a30dfe4b3b7502ab87c8bc920825c11035718cb0211ea0
SHA512: 6d80d26d91b704d50ff3ad74f76d6b1afe98af3d7a18e43011dbe3809adc305b0e382c10868328eb82c9f8b4c77bca1522bdc023c7c8712057b65f6579c9dff5

Filesize: 3.6MB
MD5: 28f9065753cc9436305485567ce894b0
SHA1: 36ebb3188a787b63fb17bd01a847511c7b15e88e
SHA256: 6f2f87b74aea483a0636fc5c480b294a8103b427a3daf450c1e237c2a2271b1a
SHA512: c3bbc50afb4a0b625aff28650befd126481018bd0b1b9a56c107e3792641679c7d1bfc8be6c9d0760fff6853f8f114b62490cd3567b06abc76ab7db3f244ab54

Filesize: 1.0MB
MD5: 2b2156a32b7ef46906517ae49a599c16
SHA1: 892134a20f118d9326da6c1b98c01f31d771a5d1
SHA256: 2c5f5abf982e8b4bb5e28d217a5e437907acfb7a7e9ee96cd9fa64c4ba304418
SHA512: d6aa25cdfca13db260110b3f34a3d731b325efcaccde5ec36b4f88406841b4ec9c9ab88ad54944eba476772bfd69c3975d9cb1a92994b0ae8e56278353214100

Filesize: 130KB
MD5: 985d2c5623def9d80d1408c01a8628be
SHA1: 317c298cb2e1728f9c7f14de2f7764c9861be101
SHA256: 7257178f704cd43e68cd7bc80f9814385b2e5d4f35d6e198ae99dce9f4118976
SHA512: be6a9d3465a5e00e6752a4b681fb8ef75126b132965624d4373b8817d68ed11337b068034ebedcfe59fb9486b86a03e67e81badc29375a776f366bf7f834f0dc