Overview

overview

7

Static

static

4

update_06_09_2023.zip

windows7-x64

1

update_06_09_2023.zip

windows10-2004-x64

1

ccat.scc

windows7-x64

3

ccat.scc

windows10-2004-x64

3

courses/O_...23.ecp

windows7-x64

3

courses/O_...23.ecp

windows10-2004-x64

3

courses/P_...23.ecp

windows7-x64

3

courses/P_...23.ecp

windows10-2004-x64

3

ealist.xml

windows7-x64

1

ealist.xml

windows10-2004-x64

1

olimp_ente...30.exe

windows7-x64

7

olimp_ente...30.exe

windows10-2004-x64

7

olimpoks_e...S).pdf

windows7-x64

1

olimpoks_e...S).pdf

windows10-2004-x64

1

olimpoks_e....9.pdf

windows7-x64

1

olimpoks_e....9.pdf

windows10-2004-x64

1

plist.xml

windows7-x64

1

plist.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    159s
  • max time network
    222s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-10-2023 09:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    olimp_enterprise_update_5.3.9.11930.exe

  • Size

    231.9MB

  • MD5

    3be87694267902fb89b02471d395a991

  • SHA1

    1fc25bc094d0acdec6f4e6eba6183f04953b2592

  • SHA256

    f4f7863d732fa8ef6498f3fc83f745ef8dfffd07984049c7595fc16ce9589b6c

  • SHA512

    a7d9ce3ae3f017bcdca556b42473137d713be9f1d804ee397e184f7aa4f8733e482bafcfaae59c73e30ce3a1caf9ea673c46a38672b16fbb447ffbcc6d897aa3

  • SSDEEP

    6291456:JBt9dPlciB8H6yHJfWBFqo3Fqj9leoJi4iNPjI:hWGQ6WfWBkoVEl3JsNE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\olimp_enterprise_update_5.3.9.11930.exe
    "C:\Users\Admin\AppData\Local\Temp\olimp_enterprise_update_5.3.9.11930.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4240
    • C:\Users\Admin\AppData\Local\Temp\is-GL28C.tmp\olimp_enterprise_update_5.3.9.11930.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-GL28C.tmp\olimp_enterprise_update_5.3.9.11930.tmp" /SL5="$501E4,242311020,780288,C:\Users\Admin\AppData\Local\Temp\olimp_enterprise_update_5.3.9.11930.exe"
      2⤵
      • Executes dropped EXE
      PID:4412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-GL28C.tmp\olimp_enterprise_update_5.3.9.11930.tmp
    Filesize

    2.5MB

    MD5

    0e646c3fb972b2e70478d207bd69b09d

    SHA1

    ada0ff63d8bb639c9c58876446a7bd7cdd0cff60

    SHA256

    3197a2ad971a920dd55fc061e231425f0a181de78cedc7b4141015f9ba66cda9

    SHA512

    12093c30f7dec42a6d3eef79f650c32a5e99c47f91efdb3a525e24e40616754c76e4d02501afb60b1f57578da09189417c68694cc190a35b5098b83dd12d448a

    Download Submit

  • memory/4240-1-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/4240-8-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/4412-6-0x00000000007A0000-0x00000000007A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4412-14-0x0000000000400000-0x0000000000682000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/4412-15-0x00000000007A0000-0x00000000007A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4412-17-0x0000000000400000-0x0000000000682000-memory.dmp

    Filesize

    2.5MB

    Download