3503d28a45572ee696450d3c667788893040172d7a1a67ded0503efa5d0fc378

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Vopt921.exe
Size

3.5MB
MD5

6e2f80e7f79ae1fb33108fd9efc8da1b
SHA1

74fd83acff2a87bfce3ea364f4feb3dad3fbc259
SHA256

4d5be0906ff10fe94dbd1cdaa1ef57efc39bdd341621208b9013bdaeda614b0e
SHA512

5e3b2d67635eefac53072216f4efe266111a652991feeb5177656993d0cdbc65535c097e5d2d8146885fa035f3a1b52fd274825ba8f5d6cfbb1db83bc3f96e8b
SSDEEP

98304:mVhHEYUeMD0BApRajIy0TuRTAueYAnNio:m/ELeMDdDWr0K1dsNio

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2512	Vopt921.exe
2512	Vopt921.exe
2512	Vopt921.exe
2512	Vopt921.exe
2512	Vopt921.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2512	Vopt921.exe

C:\Users\Admin\AppData\Local\Temp\Vopt921.exe
"C:\Users\Admin\AppData\Local\Temp\Vopt921.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\LSB3D5F.tmp

Filesize
15KB

MD5
4c70b3df1ebc016f924e71e5c38aa1a0

SHA1
4c8a3ccbfe357086a50ac5125cfffc9b2a2f22cc

SHA256
cf864fe743ad1f153dda827e0714ab39866eb34f7a01b826e4f655652a539b2f

SHA512
928ac9c1670b249707c093ba704e1e8f7b96863f86e85c97d231dd1463ccac6c168a9bd2ca2a55066ef292914b02c54c164fdc551cabd0673f90074323912084

Download Submit
\Users\Admin\AppData\Local\Temp\LSB3D70.tmp

Filesize
233KB

MD5
a19cf76119b9976768c466a8b57ea7ea

SHA1
345e5b88a48f6d3486a7bfb3f21a2b197c541ea5

SHA256
968dc3679fdb0b0d3db93d3738cb4940ab3b27bbfaf10f8d841cff9fa5322cb3

SHA512
1a3577aab66496023e516038135e23c40effb0b66141848fa9f646f630d14466d1b8877973a54e6e14f6cc1e7754b187a33ab61ba534c8b9fbffdcf9e4e8a191

Download Submit
\Users\Admin\AppData\Local\Temp\SB63DB2.tmp

Filesize
3KB

MD5
f01f9a9b13725fedb9e67eaec69ed1d5

SHA1
21def9a9614f1fcadfeeb1672ae1945356f5c2ac

SHA256
98496d31a5aed312838338c77c003e4b7567a103a6090d9e0329bfb27b99f2b8

SHA512
407d70a9056c749dcf3d0a76047e4a18184516aab5762c194676d245009eee7463b114b56fcc29ca4ad96cc659dba80ce76f993eadb063f66077b1428bbf72a7

Download Submit
\Users\Admin\AppData\Local\Temp\SB63DC3.tmp

Filesize
8KB

MD5
52c4b8cbdffa9f1fce7ace5d59b640bf

SHA1
87bb900b1e7090e738f9358af90d0db71ca0e8b1

SHA256
f54a5f5b31c9153c9af7478743420a5ee68d92efaa5f0f1fa0116cdaeb896341

SHA512
d5c7f3089021ca01ddc2c74a0d87007f6df972c2b3d850356e345a29dfec559b81f71a19eef51efb32fb856c55c8b7d1c8e68e814f1a941b64f86f7919f908e0

Download Submit