3d535198ebf1e519e4f58c9aaca1b1e00c9b375c6f79cd3cca5f0b70f0a3dcd5 | Triage

Submit
Reports

Overview

overview

Static

static

Optimizer-14.8.exe

windows10-1703-x64

Sharing

General

Target

Optimizer-14.8.exe
Size

2.1MB
Sample

230130-y3r8kacf66
MD5

8d7df991938615da66351c6ff74b9d3d
SHA1

c578d96f7a34816ba3b2cf2ace512e9d0da9e437
SHA256

3d535198ebf1e519e4f58c9aaca1b1e00c9b375c6f79cd3cca5f0b70f0a3dcd5
SHA512

93d5c39aef54bd2da111e62d3ead58a55b6dabed5e713412ab9b3a9ff4ca3979e9899cc8cb79921ae14d8f2e0547786b1977e3a0c4ee5336891f432b03261da1
SSDEEP

24576:KvC0vZ1r+ewP85NWrnwED8XJV9WwhBA/ZTvQD0XY0AJBSjRlXP36RMG:Krr+ewP85NhED8Xv9WwhEAJBSjh

Score

10^/10

discovery evasion persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Optimizer-14.8.exe

Resource

win10-20220812-en

discovery evasion persistence ransomware

windows10-1703-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  Optimizer-14.8.exe
- Size
  
  2.1MB
- MD5
  
  8d7df991938615da66351c6ff74b9d3d
- SHA1
  
  c578d96f7a34816ba3b2cf2ace512e9d0da9e437
- SHA256
  
  3d535198ebf1e519e4f58c9aaca1b1e00c9b375c6f79cd3cca5f0b70f0a3dcd5
- SHA512
  
  93d5c39aef54bd2da111e62d3ead58a55b6dabed5e713412ab9b3a9ff4ca3979e9899cc8cb79921ae14d8f2e0547786b1977e3a0c4ee5336891f432b03261da1
- SSDEEP
  
  24576:KvC0vZ1r+ewP85NWrnwED8XJV9WwhBA/ZTvQD0XY0AJBSjRlXP36RMG:Krr+ewP85NhED8Xv9WwhEAJBSjh
Score

10^/10

discovery evasion persistence ransomware
- Modifies visibility of file extensions in Explorer
  evasion
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Disables use of System Restore points
  evasion
- Registers COM server for autorun
  persistence
- Sets file execution options in registry
  persistence
- Stops running service(s)
  evasion
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

File Deletion

File and Directory Permissions Modification

Hidden Files and Directories

Impair Defenses

Modify Registry

Web Service

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Inhibit System Recovery

Service Stop

Tasks

static1

behavioral1

discoveryevasionpersistenceransomware

© 2018-2025

Terms | Privacy