Analysis
-
max time kernel
104s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
18/04/2025, 04:43
General
-
Target
AKL.exe
-
Size
228KB
-
MD5
4f0592beb14e55d9295afbc005faef07
-
SHA1
dd0533f0d0d8eae441cba614a40d896fb7398930
-
SHA256
239e59fc07c7cd95f8f95f9356d916aedf75b844f08d8e500a5143275c50e49d
-
SHA512
9235efb1072e887ef92761a6d8c579d004583f00ad2743343f2fccace95bc3a75b16fb3220274ab372d7185f8203c5ae7a15f8a070ed86ee8d6804d4b3c261eb
-
SSDEEP
3072:OlZpskT76ON9Ou8ugkiUzp9fKGbIgvgWwHuZcMxJpmJ5Tup6bTEnl1yYKRIdB+2r:IpPCxki0zPNcMxbETv/mlYZRcYvZAC
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\AKL.exe"C:\Users\Admin\AppData\Local\Temp\AKL.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\AKL.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\AKL.exeC:\Users\Admin\AppData\Local\Temp\AKL.exe2⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-