Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    31-08-2024 16:00

General

  • Target

    tools/ak3-core.sh

  • Size

    32KB

  • MD5

    273e5ec7fcf39c7b5141c70258aa3506

  • SHA1

    7baa42a0c313b9eb71424267595cadb08e909e51

  • SHA256

    1537bb4c91d3c0d3983bec077f9306daf1959caeae685b0937a37cbdfbafcc57

  • SHA512

    11d04760fcfb947c1d59edfb50e6db2cb0fcd4975a40961210a1df275feeac40cb243aa6d7a6573aa6f12b5b682d36a15ef89d3ce60da190c43a18403c92d480

  • SSDEEP

    768:8dDlySKKreeJIzYv78vn5vK4HO9Ex0xe53E3QG027ZLMI0kGD1IzpcLZg:/aeeJIzfD1Izv

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\tools\ak3-core.sh
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\tools\ak3-core.sh
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2984
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\tools\ak3-core.sh"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    566c3f84361ecb41f89fb51b5ba2f782

    SHA1

    d51958265a40096b16f797907afa25c60429faf4

    SHA256

    b4f71fe2a309266979debe1e78ee68a68dcc99cc27051e3a5a32353e9576e723

    SHA512

    cf9f72064993fd26290aedfb93fd6d1323bf6b7b5f7a8bce54136bd38bf0aebeec5c4f97ef97be1d579b17932a56d25964f822fb7e7b51e7ca27d75cba81238f