63c18a1c9915e675ebed54655d62fca8e7a8f523004e42cd9837b0228bf8b1cc

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
23/09/2023, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
Size

4.1MB
MD5

eb2fe0f6da2915ff7e7271d3a421a2b7
SHA1

2683d50dd19b62a2161da276eebb30fd61988844
SHA256

63c18a1c9915e675ebed54655d62fca8e7a8f523004e42cd9837b0228bf8b1cc
SHA512

bbb7f692233dd50a583d674f59f89f6175cfba57412482da1244e77b7801175669d1cdebd6f69b7c21aa98a1ef91336364e452b3369d97cb50a28265cadbbc2c
SSDEEP

98304:+R0pI/IQlUoMPdmpSpj4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmg5n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3004	aoptiec.exe

Loads dropped DLL 1 IoCs

pid	Process
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Intelproc23\\aoptiec.exe"	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\GalaxR8\\optixsys.exe"	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
3004	aoptiec.exe
2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 3004	2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe	28
PID 2436 wrote to memory of 3004	2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe	28
PID 2436 wrote to memory of 3004	2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe	28
PID 2436 wrote to memory of 3004	2436	eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe
"C:\Users\Admin\AppData\Local\Temp\eb2fe0f6da2915ff7e7271d3a421a2b7_JC.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Intelproc23\aoptiec.exe
  C:\Intelproc23\aoptiec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\GalaxR8\optixsys.exe

Filesize
4.1MB

MD5
209a080f09fdc6bccd2655d38336b983

SHA1
baf46719de24aca7056d8d8d6b1e9fad33480b23

SHA256
472c936bf5a0e4b5ce98d07a1b6c49cdf5803931a2ea5c144d0e7afe23fd437e

SHA512
da89f9cfa5ee0a075bcc0d8c69ad93aa3982e3bc05a23513acf17d4cdc154e27ac8463d0017ab8aaca4b9fa724099aeffec101062f852e7cf754334e48ed3619

Download Submit
C:\GalaxR8\optixsys.exe

Filesize
4.1MB

MD5
209a080f09fdc6bccd2655d38336b983

SHA1
baf46719de24aca7056d8d8d6b1e9fad33480b23

SHA256
472c936bf5a0e4b5ce98d07a1b6c49cdf5803931a2ea5c144d0e7afe23fd437e

SHA512
da89f9cfa5ee0a075bcc0d8c69ad93aa3982e3bc05a23513acf17d4cdc154e27ac8463d0017ab8aaca4b9fa724099aeffec101062f852e7cf754334e48ed3619

Download Submit
C:\Intelproc23\aoptiec.exe

Filesize
4.1MB

MD5
de47b740a4448d216e07e9c9e087d610

SHA1
f3b63ed711e1ac5b47e618faa729233905693660

SHA256
b4d407c8f5852cecee0e7cb102a38c208e82e5ca78b6a874b20e7e1b654baa76

SHA512
8327a46b9bc19c6b5e72e738477cce4515b79f7d783c9d0e12c7b1de347b6aeedec8fc7cd356a1118cad4169d663c5b225b33611884ecf8fe0e7cec651477419

Download Submit
C:\Intelproc23\aoptiec.exe

Filesize
4.1MB

MD5
de47b740a4448d216e07e9c9e087d610

SHA1
f3b63ed711e1ac5b47e618faa729233905693660

SHA256
b4d407c8f5852cecee0e7cb102a38c208e82e5ca78b6a874b20e7e1b654baa76

SHA512
8327a46b9bc19c6b5e72e738477cce4515b79f7d783c9d0e12c7b1de347b6aeedec8fc7cd356a1118cad4169d663c5b225b33611884ecf8fe0e7cec651477419

Download Submit
C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
206B

MD5
eb4f880af4c731843d5dacafa16a584b

SHA1
ec1eb228f4be2af852421fdabbf1eb6afe7976cd

SHA256
026dea057f83bf549c914563d9e200009a7fe8a20063aa4daa11d1d8498a3986

SHA512
8100826beeef1946f5e990895ba44c495215e1716f7c01b9b0b073886453c5c8536ad3773d9f6b70e9ea44afbc8099dc90c4b78f5ec99b5fcceadceb78007733

Download Submit
\Intelproc23\aoptiec.exe

Filesize
4.1MB

MD5
de47b740a4448d216e07e9c9e087d610

SHA1
f3b63ed711e1ac5b47e618faa729233905693660

SHA256
b4d407c8f5852cecee0e7cb102a38c208e82e5ca78b6a874b20e7e1b654baa76

SHA512
8327a46b9bc19c6b5e72e738477cce4515b79f7d783c9d0e12c7b1de347b6aeedec8fc7cd356a1118cad4169d663c5b225b33611884ecf8fe0e7cec651477419

Download Submit