8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2023 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
Size

2.6MB
MD5

160211bd67f9e1438f133a2be3f0b13f
SHA1

51fc4183c2f1e70f17fe8477cd9c7183b9da0534
SHA256

8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332
SHA512

0ffe99334fbae6cd233a4c4ea2fa65e96500645da1b2d808a29ce162ac3fdc3dd2a30ac8b395521ddfaee4fd708791ee5e24089797e26b2f04faa035ccc66037
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Su:+R0pI/IQlUoMPdmpSpc4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1388	abodsys.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\IntelprocYF\\abodsys.exe"	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintWI\\optixsys.exe"	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
1388	abodsys.exe
1388	abodsys.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 1388	2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe	92
PID 2712 wrote to memory of 1388	2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe	92
PID 2712 wrote to memory of 1388	2712	8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe	92

C:\Users\Admin\AppData\Local\Temp\8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe
"C:\Users\Admin\AppData\Local\Temp\8e84b99e92cf4962716581f824f0ba1fdf895e5a352a5e6f1494ab1ceac0a332.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2712
- C:\IntelprocYF\abodsys.exe
  C:\IntelprocYF\abodsys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\IntelprocYF\abodsys.exe

Filesize
2.6MB

MD5
1389825bd33cbd12701796d74d907f56

SHA1
0524dd02817a4014c0db462a99cffe3e8ab5555b

SHA256
538dbc108f7ba999491bbd7377a6b73b04fde759f7518c71fca1f87d38199b2f

SHA512
5a083dac5b4c5a6cf8ce7ffb272ac348f270aa4a0655e2606ea575971897e25ee75d500aa4d54e08c23f4d29ec2c178163888530383d4614e99b4f75030bf7f6

Download Submit
C:\IntelprocYF\abodsys.exe

Filesize
2.6MB

MD5
1389825bd33cbd12701796d74d907f56

SHA1
0524dd02817a4014c0db462a99cffe3e8ab5555b

SHA256
538dbc108f7ba999491bbd7377a6b73b04fde759f7518c71fca1f87d38199b2f

SHA512
5a083dac5b4c5a6cf8ce7ffb272ac348f270aa4a0655e2606ea575971897e25ee75d500aa4d54e08c23f4d29ec2c178163888530383d4614e99b4f75030bf7f6

Download Submit
C:\MintWI\optixsys.exe

Filesize
2.6MB

MD5
6272a4d614e6f2b15354f487c4016eb4

SHA1
396a5afb781bca973c700a1edaf8da8654ef5ad0

SHA256
289073f576fe83fcf56df38ae240ddcfa85a6bae6c2a4390836db329fde25b40

SHA512
6660ee9cde64dee5b1f02f4c05ea80f64f1114db561bc4e25cc2015bb814aca048e4e8f80b875d0ce6fa3daf482d4f7b58ba4ca854836ae390615d5824c6f4f9

Download Submit
C:\MintWI\optixsys.exe

Filesize
2.6MB

MD5
6272a4d614e6f2b15354f487c4016eb4

SHA1
396a5afb781bca973c700a1edaf8da8654ef5ad0

SHA256
289073f576fe83fcf56df38ae240ddcfa85a6bae6c2a4390836db329fde25b40

SHA512
6660ee9cde64dee5b1f02f4c05ea80f64f1114db561bc4e25cc2015bb814aca048e4e8f80b875d0ce6fa3daf482d4f7b58ba4ca854836ae390615d5824c6f4f9

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
208B

MD5
91b2371519f14a0f15f8dfcf7294a97f

SHA1
3d5d241b8fe5979b43cbeac4838a01885a059fbc

SHA256
1695b5aafd3b54691fd75506ace65b21798242ae82d824d949613f348e3749cc

SHA512
5004c8795bff014d941af1736c8529d6f92593e8cfbb1c3107a0fc0998b3b181231bd4491602abe7f258313b6aa186a3deb89cdbda0f129e58c925f292593c96

Download Submit