85ff3302cf0e4ce4afca38e8e643456515b18aaa457d47e9c6a22b54bd655639

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/10/2024, 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Akrien.exe
Size

8.3MB
MD5

ab0386ba161312b4dd95bcf5dccf0857
SHA1

21f59e2d604192ba0bace9ef6677a0c446e73a24
SHA256

9ac1e8afeb9b4fa8e960ea2a26835b40920575b83d503f959056ab5d37a17790
SHA512

c490c5c1c355097b90cddd6894bf205278d4469cedf398b2f919233ba8bf4818935138d2733fa41655dbe816e928db79d2aad821739e69af6342075a0ff5707f
SSDEEP

196608:FyuqmN0ZqZJzwfI9jUC2XMvH8zPjweaBpZ0cM6T2ooccXK7oSV:rOLIH2XgHq+jq8S3YoY

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2728	Akrien.exe
2728	Akrien.exe
2728	Akrien.exe
2728	Akrien.exe
2728	Akrien.exe
2728	Akrien.exe
2728	Akrien.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019f58-73.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2728	2860	Akrien.exe	30
PID 2860 wrote to memory of 2728	2860	Akrien.exe	30
PID 2860 wrote to memory of 2728	2860	Akrien.exe	30

C:\Users\Admin\AppData\Local\Temp\Akrien.exe
"C:\Users\Admin\AppData\Local\Temp\Akrien.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Users\Admin\AppData\Local\Temp\Akrien.exe
  "C:\Users\Admin\AppData\Local\Temp\Akrien.exe"
  2⤵
  - Loads dropped DLL
  PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28602\python312.dll

Filesize
1.7MB

MD5
2996cbf9598eb07a64d66d4c3aba4b10

SHA1
ac176ab53cdef472770d27a38db5bd6eb71a5627

SHA256
feba57a74856dedb9d9734d12c640ca7f808ead2db1e76a0f2bcf1e4561cd03f

SHA512
667e117683d94ae13e15168c477800f1cd8d840e316890ec6f41a6e4cefd608536655f3f6d7065c51c6b1b8e60dd19aa44da3f9e8a70b94161fd7dc3abf5726c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28602\ucrtbase.dll

Filesize
1.1MB

MD5
3cf4863a6f8924a11800a7e3cf357496

SHA1
2a98263f9d6b2813e894cfcc031105b945f84ed5

SHA256
1bd1668ad61a6c3a906c64e9866d81e4598a4ccbae8b91415cd48049ad43a65d

SHA512
ecb481b241704ce3358449d5a85da0b328dea97c5e6f2f42c89531777b53c19fbfad3d3ae76f7bb0189fcc3c84b97b27bbf7a41203ed9750c330a8fd0504fc39

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28602\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
5c3cb67215c96d716266f7fc3e6ba874

SHA1
cb55971b992e0499263a3e40d9739ea5d3fa5003

SHA256
5889d4087643cabf4353bffad537faab3d9cee7adcc256341c39864255ef784f

SHA512
e091551c3e4e55686e16c054143f95b36625919ec4feb6f6b77a5762f48a230cbf28d876ce5ce7d804eb74efba38c290b2a8efdf6b2b9fc8e3974cec09d6b5b8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28602\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
96a6b34ccc5fc70028b5aae70c4b8c05

SHA1
f820b7d9a8e2202463b5d5b2144e9b24a39c730d

SHA256
26f91075d7d1b13c4dffab35a51441f3741d90cea88c41a1775508610b740719

SHA512
f098db40625bffd82479e47a0191aff7f79fd661b46b2228eaf4ec31c877ed25b333b8a21bcfc2a72bb76ec7b84443dc42c126974524aecc69bd4ea9ccb5aa3c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28602\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
2673f46e4954459b5a01154404fe8970

SHA1
1187f50c410bd3e3800242a17b915373eed7f89a

SHA256
b1b99194f2e95d7e6807db83967301da1338da9b0ac593214e845e137f84cd25

SHA512
67523210407601245764c8ea56d6304f9e55efda95aa97198fe9981312e3bd1310853985f97041dd491aa993254634c4f6921fc1145c8c2cc663522bf162f7fb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28602\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
548844894ca5a199e0a45b1ef346c4ad

SHA1
7867dd4f0786cb197c8b4f94767508c1210fdf17

SHA256
f5290377db93922ed117d0feffa03b81557e839d98e1d73b1d9344fbcf8563e1

SHA512
35905d2a7fd27ee5bf7cb6bcc63c9938ccc3d53b7c82b9734fdaa90e2612ac956f674f8cac2548d5fa8b9b686d53c96e31e02acca23f076c6c7135fd6f4c71b1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28602\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
28d76848e970c69b849fb3dedac27983

SHA1
8b6d3648b80c9fa91e662d7555003bac3faacacd

SHA256
8ee1797c34382212cf4094743e01d6b3d1d69dcd14ce7c13b1d663f07e57dc5b

SHA512
2209da5cdb705f4ca3815ecc3d034178acfb44c8a03edc625592a41c70f03f9ee7b8921f0019a363aae4eb07d9b14dc844abdbc5bec8d2690359a59492f625ed

Download Submit
memory/2728-75-0x000007FEF56F0000-0x000007FEF5DB2000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads