Analysis

  • max time kernel
    137s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/05/2024, 07:09

General

  • Target

    AAFK.exe

  • Size

    5.1MB

  • MD5

    86b3ed4317515d38a15c5098892e2b7c

  • SHA1

    02b6d6fd1b068f9dbd99962f149100552d59b8a0

  • SHA256

    c46467e9766eda6141c54e4306f6eff0417cb24c7a56c96834c83b3bb95f1369

  • SHA512

    eb0cac4b7db1823f1f1c3acc81ca82e1ef4e5519a4b41dc3da66d28f9971da2c8cd2a9b6074fd84fcf59e0dd1df98686e6dbb995ab7077e95a78def5313c6239

  • SSDEEP

    98304:0UfMnCZFpDPvdIWXe+q2WWmQNfTBBGzQuKLQ59PzNYMwbUUQRICgBUfqzR:0cdZfDnd9e+q2WWmQNLBBGZlrOZUUMIR

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AAFK.exe
    "C:\Users\Admin\AppData\Local\Temp\AAFK.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Users\Admin\AppData\Local\Temp\AAFK.exe
      "C:\Users\Admin\AppData\Local\Temp\AAFK.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:3340
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3888,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8
    1⤵
      PID:4772

Network

MITRE ATT&CK Matrix

Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI15282\AAFK.exe.manifest

      Filesize

      1KB

      MD5

      23c05a628bf3ab7fea10d3b003b2a361

      SHA1

      bb453b9f9a1acf85d9c28bac0ab9bc61aa915389

      SHA256

      822b987aca05525d355da813d7310c495b74332372dc9a72e71ecf9dc6d96e64

      SHA512

      e5d39d019dc4bf530ab442486c7b4920e72bac4bc1dd23b6b8962ee83e92fea0d7cef541dc946c5cde86e8549491a35470946656dd745138201aa9f5482df499

    • C:\Users\Admin\AppData\Local\Temp\_MEI15282\VCRUNTIME140.dll

      Filesize

      87KB

      MD5

      0e675d4a7a5b7ccd69013386793f68eb

      SHA1

      6e5821ddd8fea6681bda4448816f39984a33596b

      SHA256

      bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

      SHA512

      cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

    • C:\Users\Admin\AppData\Local\Temp\_MEI15282\_ctypes.pyd

      Filesize

      130KB

      MD5

      985d2c5623def9d80d1408c01a8628be

      SHA1

      317c298cb2e1728f9c7f14de2f7764c9861be101

      SHA256

      7257178f704cd43e68cd7bc80f9814385b2e5d4f35d6e198ae99dce9f4118976

      SHA512

      be6a9d3465a5e00e6752a4b681fb8ef75126b132965624d4373b8817d68ed11337b068034ebedcfe59fb9486b86a03e67e81badc29375a776f366bf7f834f0dc

    • C:\Users\Admin\AppData\Local\Temp\_MEI15282\_hashlib.pyd

      Filesize

      38KB

      MD5

      d61618c28373d7bbdf1dec7ec2b2b1c1

      SHA1

      51f4bab84620752aedf7d71dcccb577ed518e9fd

      SHA256

      33c4d06c91166db9ece6e6ad6b9fa1344316f995f7db268bf1b7f9c08ed3e6fb

      SHA512

      ca7ca581c8d8d67f43e7858d7b4859fec1228fd1ba6e63711d508c1ab3477a071d40090fdae6ec0c8d1445e15fbb2fc60154e32e03f8398056388f1148f920de

    • C:\Users\Admin\AppData\Local\Temp\_MEI15282\_queue.pyd

      Filesize

      27KB

      MD5

      3f536949d0fcae286b08f6a90d4c5198

      SHA1

      04877dff7e8c994e4875a1b85b7388684b97da25

      SHA256

      613c0fc66b1f2f8dccb47f24f1578137a99c5a62550719f0402f13337ad5c60a

      SHA512

      cd59a4a2d839dec513b912e33bd92281a0fdfe0a210ae972cce8b77347e000bb87c8074d8b8cbfeba75158f2b8f3d0669f778fccec0dec936f055616cedbbb4c

    • C:\Users\Admin\AppData\Local\Temp\_MEI15282\base_library.zip

      Filesize

      767KB

      MD5

      eb671d3503e4e9bb11d953bba80aa04f

      SHA1

      e8236e2bdca2b6cc889ed0e57dd6879c27685992

      SHA256

      ca3d2485651dd58e22924d2e3ff269400a325f363657eb2980353ae82b2476e2

      SHA512

      d203cc1e2c3e205277a3a659c2908b186fbd5041985b62ee45445fb1853cb213e333159e3704a1b64ac2be528a46c41a07dfa3893b5a7282ac85d7f70dc747d3

    • C:\Users\Admin\AppData\Local\Temp\_MEI15282\libcrypto-1_1-x64.dll

      Filesize

      2.4MB

      MD5

      8c75bca5ea3bea4d63f52369e3694d01

      SHA1

      a0c0fd3d9e5688d75386094979171dbde2ce583a

      SHA256

      8513e629cd85a984e4a30dfe4b3b7502ab87c8bc920825c11035718cb0211ea0

      SHA512

      6d80d26d91b704d50ff3ad74f76d6b1afe98af3d7a18e43011dbe3809adc305b0e382c10868328eb82c9f8b4c77bca1522bdc023c7c8712057b65f6579c9dff5

    • C:\Users\Admin\AppData\Local\Temp\_MEI15282\python37.dll

      Filesize

      3.6MB

      MD5

      28f9065753cc9436305485567ce894b0

      SHA1

      36ebb3188a787b63fb17bd01a847511c7b15e88e

      SHA256

      6f2f87b74aea483a0636fc5c480b294a8103b427a3daf450c1e237c2a2271b1a

      SHA512

      c3bbc50afb4a0b625aff28650befd126481018bd0b1b9a56c107e3792641679c7d1bfc8be6c9d0760fff6853f8f114b62490cd3567b06abc76ab7db3f244ab54

    • C:\Users\Admin\AppData\Local\Temp\_MEI15282\unicodedata.pyd

      Filesize

      1.0MB

      MD5

      2b2156a32b7ef46906517ae49a599c16

      SHA1

      892134a20f118d9326da6c1b98c01f31d771a5d1

      SHA256

      2c5f5abf982e8b4bb5e28d217a5e437907acfb7a7e9ee96cd9fa64c4ba304418

      SHA512

      d6aa25cdfca13db260110b3f34a3d731b325efcaccde5ec36b4f88406841b4ec9c9ab88ad54944eba476772bfd69c3975d9cb1a92994b0ae8e56278353214100