Analysis
- max time kernel: 137s
- max time network: 129s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/05/2024, 07:09
Behavioral tasks (this report is behavioral2: AAFK.exe on win10v2004-20240508-en)
- behavioral1: sample AAFK.exe, resource win7-20231129-en
- behavioral2: sample AAFK.exe, resource win10v2004-20240508-en
- behavioral3: sample AAFK.pyc, resource win7-20240221-en
- behavioral4: sample AAFK.pyc, resource win10v2004-20240508-en
General
- Target: AAFK.exe
- Size: 5.1MB
- MD5: 86b3ed4317515d38a15c5098892e2b7c
- SHA1: 02b6d6fd1b068f9dbd99962f149100552d59b8a0
- SHA256: c46467e9766eda6141c54e4306f6eff0417cb24c7a56c96834c83b3bb95f1369
- SHA512: eb0cac4b7db1823f1f1c3acc81ca82e1ef4e5519a4b41dc3da66d28f9971da2c8cd2a9b6074fd84fcf59e0dd1df98686e6dbb995ab7077e95a78def5313c6239
- SSDEEP: 98304:0UfMnCZFpDPvdIWXe+q2WWmQNfTBBGzQuKLQ59PzNYMwbUUQRICgBUfqzR:0cdZfDnd9e+q2WWmQNLBBGZlrOZUUMIR
Malware Config
Signatures
- Loads dropped DLL (7 IoCs)
  pid   Process
  3340  AAFK.exe   (7 identical rows: the child process loaded seven dropped DLLs)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description  pid   Process
  Token: 35    3340  AAFK.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  description                        pid   Process   procid_target
  PID 1528 wrote to memory of 3340   1528  AAFK.exe  93
  PID 1528 wrote to memory of 3340   1528  AAFK.exe  93
Processes
- C:\Users\Admin\AppData\Local\Temp\AAFK.exe
  "C:\Users\Admin\AppData\Local\Temp\AAFK.exe"
  PID: 1528
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\AAFK.exe   (child of PID 1528, same image path)
    "C:\Users\Admin\AppData\Local\Temp\AAFK.exe"
    PID: 3340
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   (separate top-level process, not part of the sample's tree)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3888,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8
  PID: 4772
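The process tree above shows the sample re-executing its own image from %TEMP% (PID 1528 spawning PID 3340), the parent writing into the child's memory, and the child loading dropped DLLs and adjusting its token. The helper below is an added triage example, not part of the sandbox report or of the sample: it models those events as records constructed by hand from the report's own PIDs, paths and IoC counts, and scores each child that re-executes its parent's image. The record fields, the list of user-writable directories and the scoring are this example's own choices.

```python
"""Triage helper: flag the self-spawn + cross-process-write pattern recorded in
the Processes and Signatures sections of this report.

Added example, not part of the sandbox report or the sample. The event lists
are constructed by hand from the report's PIDs, image paths and IoC counts.
"""
from collections import defaultdict

# Constructed from the report: process starts (pid, parent pid, image path).
PROCESSES = [
    {"pid": 1528, "ppid": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\AAFK.exe"},
    {"pid": 3340, "ppid": 1528,
     "image": r"C:\Users\Admin\AppData\Local\Temp\AAFK.exe"},
    {"pid": 4772, "ppid": None,
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"},
]
# "Suspicious use of WriteProcessMemory 2 IoCs": (writer pid, target pid).
MEMORY_WRITES = [(1528, 3340), (1528, 3340)]
# "Loads dropped DLL 7 IoCs": number of dropped-DLL loads per pid.
DROPPED_DLL_LOADS = {3340: 7}

# Directories any interactive user can write to (example's own list); a binary
# executing from one of these and re-launching itself deserves a closer look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")


def in_user_writable(path):
    """True when the image path sits under a user-writable directory."""
    p = path.lower()
    return any(d in p for d in USER_WRITABLE)


def find_self_spawn_injection(processes, memory_writes, dll_loads):
    """Return one finding per child that re-executes its parent's image.

    Each finding lists the reasons that fired; ``score`` is their count.
    A bare self-spawn (score 1) is common for legitimate launchers, so only
    higher scores are worth a human look.
    """
    by_pid = {p["pid"]: p for p in processes}
    writes = defaultdict(int)
    for writer, target in memory_writes:
        writes[(writer, target)] += 1

    findings = []
    for child in processes:
        parent = by_pid.get(child["ppid"])
        if parent is None:
            continue
        if parent["image"].lower() != child["image"].lower():
            continue
        reasons = ["child re-executes the parent's image"]
        if in_user_writable(child["image"]):
            reasons.append("image runs from a user-writable directory")
        n_writes = writes.get((parent["pid"], child["pid"]), 0)
        if n_writes:
            reasons.append(f"parent wrote into child memory {n_writes}x")
        n_dlls = dll_loads.get(child["pid"], 0)
        if n_dlls:
            reasons.append(f"child loaded {n_dlls} dropped DLL(s)")
        findings.append({
            "parent": parent["pid"], "child": child["pid"],
            "image": child["image"], "score": len(reasons), "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in find_self_spawn_injection(PROCESSES, MEMORY_WRITES, DROPPED_DLL_LOADS):
        print(f"{f['parent']} -> {f['child']} score={f['score']}: {f['image']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run against the report's data this yields a single finding, 1528 -> 3340 with all four reasons firing, while the unrelated msedge.exe utility process is ignored. The score is a triage aid only: a parent re-executing itself and writing into the child is also how some legitimate launchers and sandboxed browsers behave, so the write-into-child and dropped-DLL reasons, not the self-spawn alone, are what should drive escalation.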
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1KB
  MD5: 23c05a628bf3ab7fea10d3b003b2a361
  SHA1: bb453b9f9a1acf85d9c28bac0ab9bc61aa915389
  SHA256: 822b987aca05525d355da813d7310c495b74332372dc9a72e71ecf9dc6d96e64
  SHA512: e5d39d019dc4bf530ab442486c7b4920e72bac4bc1dd23b6b8962ee83e92fea0d7cef541dc946c5cde86e8549491a35470946656dd745138201aa9f5482df499
- Filesize: 87KB
  MD5: 0e675d4a7a5b7ccd69013386793f68eb
  SHA1: 6e5821ddd8fea6681bda4448816f39984a33596b
  SHA256: bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1
  SHA512: cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66
- Filesize: 130KB
  MD5: 985d2c5623def9d80d1408c01a8628be
  SHA1: 317c298cb2e1728f9c7f14de2f7764c9861be101
  SHA256: 7257178f704cd43e68cd7bc80f9814385b2e5d4f35d6e198ae99dce9f4118976
  SHA512: be6a9d3465a5e00e6752a4b681fb8ef75126b132965624d4373b8817d68ed11337b068034ebedcfe59fb9486b86a03e67e81badc29375a776f366bf7f834f0dc
- Filesize: 38KB
  MD5: d61618c28373d7bbdf1dec7ec2b2b1c1
  SHA1: 51f4bab84620752aedf7d71dcccb577ed518e9fd
  SHA256: 33c4d06c91166db9ece6e6ad6b9fa1344316f995f7db268bf1b7f9c08ed3e6fb
  SHA512: ca7ca581c8d8d67f43e7858d7b4859fec1228fd1ba6e63711d508c1ab3477a071d40090fdae6ec0c8d1445e15fbb2fc60154e32e03f8398056388f1148f920de
- Filesize: 27KB
  MD5: 3f536949d0fcae286b08f6a90d4c5198
  SHA1: 04877dff7e8c994e4875a1b85b7388684b97da25
  SHA256: 613c0fc66b1f2f8dccb47f24f1578137a99c5a62550719f0402f13337ad5c60a
  SHA512: cd59a4a2d839dec513b912e33bd92281a0fdfe0a210ae972cce8b77347e000bb87c8074d8b8cbfeba75158f2b8f3d0669f778fccec0dec936f055616cedbbb4c
- Filesize: 767KB
  MD5: eb671d3503e4e9bb11d953bba80aa04f
  SHA1: e8236e2bdca2b6cc889ed0e57dd6879c27685992
  SHA256: ca3d2485651dd58e22924d2e3ff269400a325f363657eb2980353ae82b2476e2
  SHA512: d203cc1e2c3e205277a3a659c2908b186fbd5041985b62ee45445fb1853cb213e333159e3704a1b64ac2be528a46c41a07dfa3893b5a7282ac85d7f70dc747d3
- Filesize: 2.4MB
  MD5: 8c75bca5ea3bea4d63f52369e3694d01
  SHA1: a0c0fd3d9e5688d75386094979171dbde2ce583a
  SHA256: 8513e629cd85a984e4a30dfe4b3b7502ab87c8bc920825c11035718cb0211ea0
  SHA512: 6d80d26d91b704d50ff3ad74f76d6b1afe98af3d7a18e43011dbe3809adc305b0e382c10868328eb82c9f8b4c77bca1522bdc023c7c8712057b65f6579c9dff5
- Filesize: 3.6MB
  MD5: 28f9065753cc9436305485567ce894b0
  SHA1: 36ebb3188a787b63fb17bd01a847511c7b15e88e
  SHA256: 6f2f87b74aea483a0636fc5c480b294a8103b427a3daf450c1e237c2a2271b1a
  SHA512: c3bbc50afb4a0b625aff28650befd126481018bd0b1b9a56c107e3792641679c7d1bfc8be6c9d0760fff6853f8f114b62490cd3567b06abc76ab7db3f244ab54
- Filesize: 1.0MB
  MD5: 2b2156a32b7ef46906517ae49a599c16
  SHA1: 892134a20f118d9326da6c1b98c01f31d771a5d1
  SHA256: 2c5f5abf982e8b4bb5e28d217a5e437907acfb7a7e9ee96cd9fa64c4ba304418
  SHA512: d6aa25cdfca13db260110b3f34a3d731b325efcaccde5ec36b4f88406841b4ec9c9ab88ad54944eba476772bfd69c3975d9cb1a92994b0ae8e56278353214100
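The Downloads listing above is the set of files the sample dropped, each with four digests; in the extracted page the algorithm label and the hex value were fused into one token ("MD5" + digest). The script below is an added example, not part of the sandbox report: it parses that flattened form back into one record per file, checks that each digest has the length its algorithm requires (so a mis-split label is caught rather than silently producing a bogus IOC), converts the rounded sizes to bytes, and verifies a file or byte string against a recovered entry. REPORT_EXCERPT holds three of the nine entries copied from the listing; the function names are this example's own.

```python
"""Recover dropped-file digests from the flattened Downloads section and
verify a file against them.

Added example, not part of the sandbox report. REPORT_EXCERPT is three of the
report's Downloads entries in the fused "LABELhex" form the page was extracted
in; the function names are this example's own.
"""
import hashlib
import re

REPORT_EXCERPT = """\
Filesize
1KB
MD523c05a628bf3ab7fea10d3b003b2a361
SHA1bb453b9f9a1acf85d9c28bac0ab9bc61aa915389
SHA256822b987aca05525d355da813d7310c495b74332372dc9a72e71ecf9dc6d96e64
SHA512e5d39d019dc4bf530ab442486c7b4920e72bac4bc1dd23b6b8962ee83e92fea0d7cef541dc946c5cde86e8549491a35470946656dd745138201aa9f5482df499
Filesize
87KB
MD50e675d4a7a5b7ccd69013386793f68eb
SHA16e5821ddd8fea6681bda4448816f39984a33596b
SHA256bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1
SHA512cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66
Filesize
2.4MB
MD58c75bca5ea3bea4d63f52369e3694d01
SHA1a0c0fd3d9e5688d75386094979171dbde2ce583a
SHA2568513e629cd85a984e4a30dfe4b3b7502ab87c8bc920825c11035718cb0211ea0
SHA5126d80d26d91b704d50ff3ad74f76d6b1afe98af3d7a18e43011dbe3809adc305b0e382c10868328eb82c9f8b4c77bca1522bdc023c7c8712057b65f6579c9dff5
"""

# Expected hex-digest length per algorithm; a mismatch means the label and
# the value were split in the wrong place.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# The labels differ in their fourth character, so the alternation is
# unambiguous; the length check above is what catches a mis-split.
LABEL_RE = re.compile(r"^(SHA512|SHA256|SHA1|MD5)\s*([0-9a-fA-F]+)$")
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*(B|KB|MB|GB)$", re.I)


def size_to_bytes(text):
    """Turn the report's rounded size ("2.4MB") into an approximate byte count."""
    m = SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    mult = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}[m.group(2).upper()]
    return int(float(m.group(1)) * mult)


def parse_downloads(text):
    """Split the flattened Downloads listing into one dict per dropped file."""
    entries, cur = [], None
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        if lines[i] == "Filesize":
            cur = {"filesize": lines[i + 1], "bytes": size_to_bytes(lines[i + 1])}
            entries.append(cur)
            i += 2
            continue
        m = LABEL_RE.match(lines[i])
        if not m or cur is None:
            raise ValueError(f"unexpected line: {lines[i]!r}")
        algo, hexdigest = m.group(1).lower(), m.group(2).lower()
        if len(hexdigest) != DIGEST_LEN[algo]:
            raise ValueError(f"{algo} digest has {len(hexdigest)} hex chars")
        cur[algo] = hexdigest
        i += 1
    return entries


def digests(data):
    """MD5/SHA1/SHA256/SHA512 of a byte string, keyed like the report."""
    return {a: hashlib.new(a, data).hexdigest() for a in DIGEST_LEN}


def verify_bytes(data, entry):
    """True only when every digest present in ``entry`` matches ``data``."""
    got = digests(data)
    return all(got[a] == entry[a] for a in DIGEST_LEN if a in entry)


def verify_file(path, entry, chunk=1 << 20):
    """Stream a file through the four hashes and compare against an entry."""
    hs = {a: hashlib.new(a) for a in DIGEST_LEN}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return all(hs[a].hexdigest() == entry[a] for a in DIGEST_LEN if a in entry)


if __name__ == "__main__":
    for e in parse_downloads(REPORT_EXCERPT):
        print(f"{e['filesize']:>6} (~{e['bytes']} B)  sha256={e['sha256']}")
```

Pasting the remaining six entries into REPORT_EXCERPT recovers the full set of nine dropped files; pointing verify_file at a recovered artifact confirms that what you are looking at is the same object the sandbox recorded. The SHA256 values are the ones to pivot on for hunting; MD5 and SHA1 are kept only because the report lists them.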