01a68447a901d47df8cc16756289c979dbebc31aca3fa2dcb4f2f6406d963f7c

Analysis

max time kernel
141s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d6862c128985d5b9db773237c38d1f6.exe
Size

68KB
MD5

7d6862c128985d5b9db773237c38d1f6
SHA1

67465b942db72d81f2d04126e0104f1b33023039
SHA256

01a68447a901d47df8cc16756289c979dbebc31aca3fa2dcb4f2f6406d963f7c
SHA512

cc3bc8bbabeea36dbbe00227e9db48191affa82cc2ed04cc798c0bcff8ea7461cbcf0d84eec1f0d49039679415c0f2594e2041aaffa298e5b03014d02626adfe
SSDEEP

768:h6ylXAK9dm3Ogn9ns/LXY4ZZ4ZLSmtwG4eutr1QH0Br4y1peY1WVr4NXtOiaV:h6oXbdm3Psc4qtwGpY1NJF9Vzy

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2172	optimize.exe

Loads dropped DLL 2 IoCs

pid	Process
2236	7d6862c128985d5b9db773237c38d1f6.exe
2236	7d6862c128985d5b9db773237c38d1f6.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Internet Optimizer = "\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""	7d6862c128985d5b9db773237c38d1f6.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Optimizer\optimize.exe	7d6862c128985d5b9db773237c38d1f6.exe
File opened for modification	C:\Program Files\Internet Optimizer\optimize.exe	7d6862c128985d5b9db773237c38d1f6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2172	2236	7d6862c128985d5b9db773237c38d1f6.exe	28
PID 2236 wrote to memory of 2172	2236	7d6862c128985d5b9db773237c38d1f6.exe	28
PID 2236 wrote to memory of 2172	2236	7d6862c128985d5b9db773237c38d1f6.exe	28
PID 2236 wrote to memory of 2172	2236	7d6862c128985d5b9db773237c38d1f6.exe	28

C:\Users\Admin\AppData\Local\Temp\7d6862c128985d5b9db773237c38d1f6.exe
"C:\Users\Admin\AppData\Local\Temp\7d6862c128985d5b9db773237c38d1f6.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files\Internet Optimizer\optimize.exe
  "C:\Program Files\Internet Optimizer\optimize.exe"
  2⤵
  - Executes dropped EXE
  PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Internet Optimizer\optimize.exe

Filesize
68KB

MD5
7d6862c128985d5b9db773237c38d1f6

SHA1
67465b942db72d81f2d04126e0104f1b33023039

SHA256
01a68447a901d47df8cc16756289c979dbebc31aca3fa2dcb4f2f6406d963f7c

SHA512
cc3bc8bbabeea36dbbe00227e9db48191affa82cc2ed04cc798c0bcff8ea7461cbcf0d84eec1f0d49039679415c0f2594e2041aaffa298e5b03014d02626adfe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads