Analysis

  • max time kernel
    77s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/06/2024, 19:15

General

  • Target

    Akuma/lib/speak/curl/OpenFileBox.exe

  • Size

    12KB

  • MD5

    867ff8be4d59e321f40a5adf1ebafc87

  • SHA1

    6417c2a9c8cf513b3bfe68480878640ce4f43e9b

  • SHA256

    e30eacc0079eea5f32174fc258a717f5bd6671ca7d44911b7f06361590338793

  • SHA512

    a8865d127bf8e5f270cbfe422ce680c6ceb6e744d907b27ba51e84b91302797e9678f46db1d42e8dd4eb918d6135822ead55bae9730d30bef493b3bcaa8d8b01

  • SSDEEP

    192:FsqGtf5/Mh0OEFfrF+jcGwp96RiOTmbJr+e:FsqGtlMhvEJ13D6E5B+

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 47 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Akuma\lib\speak\curl\OpenFileBox.exe
    "C:\Users\Admin\AppData\Local\Temp\Akuma\lib\speak\curl\OpenFileBox.exe"
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4996

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4996-0-0x00007FF980EF3000-0x00007FF980EF5000-memory.dmp

    Filesize

    8KB

  • memory/4996-1-0x0000000000BA0000-0x0000000000BAA000-memory.dmp

    Filesize

    40KB

  • memory/4996-2-0x00007FF980EF0000-0x00007FF9819B1000-memory.dmp

    Filesize

    10.8MB

  • memory/4996-3-0x00007FF980EF3000-0x00007FF980EF5000-memory.dmp

    Filesize

    8KB

  • memory/4996-4-0x00007FF980EF0000-0x00007FF9819B1000-memory.dmp

    Filesize

    10.8MB