Analysis

  • max time kernel
    48s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    23/02/2024, 12:12

General

  • Target

    Optimizer-16.4.exe

  • Size

    2.3MB

  • MD5

    9352623ba2fee1206079ce3d81bf0132

  • SHA1

    9c398c2d975d82ba1e46f3bcc0e6298a2b713b8d

  • SHA256

    f4775567ca9941b4fb3224d97b0741ae669eedfcb0d8b3c71106b21bdb1aee28

  • SHA512

    a38cef70819524a3ba8d7583b763da3fac71a9b67e832165f14f60568f7a2a07f67418bb7f7a544b32aa3d76a4fa9a6b142a3998cf362a116171ed4fae05187e

  • SSDEEP

    24576:QqsJmQYTZZ4GKTnbv7DO9JvvEC8ZJC3Bjk38WuBcAbwoA/BkjSHXP36RMG:QMH4VTnbv7uEC8Zw3CSA/Bkj0

Score
10/10

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 6 IoCs
  • Modifies registry class 4 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Optimizer-16.4.exe
    "C:\Users\Admin\AppData\Local\Temp\Optimizer-16.4.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Modifies Control Panel
    • Modifies registry class
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C sc config "RemoteRegistry" start= disabled
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Windows\system32\sc.exe
        sc config "RemoteRegistry" start= disabled
        3⤵
        • Launches sc.exe
        PID:3068

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\ProgramData\Optimizer\Optimizer.json

          Filesize

          2KB

          MD5

          6b67d4971607b5050f86886ce9eeac6e

          SHA1

          11e812da278994cef6c50171c7494379dd34057a

          SHA256

          1cf9b8c1ab1a3f3b0535e9176b3434793364ad4cd5a40175e390184f1fe5f60c

          SHA512

          6b63200bb2773792c652496a6a1899ad6b58450a467b62294aef699cd2b3e75aa780012e6eb6bfafb62ab3aeeca2dc2084557718b52037852cf91a5ff388bb4c

        • C:\ProgramData\Optimizer\Optimizer.log

          Filesize

          297B

          MD5

          bb04e9af50309df0fdff67ea9cc5027c

          SHA1

          ed67ba3c74f7661f7aa8540b7f0c2049f3ef937b

          SHA256

          e1adfc78d8c11e74b5c7f001fa6b1b85b65ecdede8dd1bc79296e389e1e23506

          SHA512

          a055305978fadffbd4595dfbc3f328669df064c01d6621af0c1421e8e29f5a23a279820fe39eec56c52dcfa2f7a5205cd54cec5d05c75f77c9fc6bd90b647eeb

        • memory/2184-50-0x0000000002480000-0x0000000002500000-memory.dmp

          Filesize

          512KB

        • memory/2184-51-0x0000000002480000-0x0000000002500000-memory.dmp

          Filesize

          512KB

        • memory/2184-25-0x0000000002480000-0x0000000002500000-memory.dmp

          Filesize

          512KB

        • memory/2184-26-0x0000000002480000-0x0000000002500000-memory.dmp

          Filesize

          512KB

        • memory/2184-2-0x000000001B050000-0x000000001B102000-memory.dmp

          Filesize

          712KB

        • memory/2184-49-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

          Filesize

          9.9MB

        • memory/2184-0-0x0000000000CE0000-0x0000000000F38000-memory.dmp

          Filesize

          2.3MB

        • memory/2184-3-0x0000000002480000-0x0000000002500000-memory.dmp

          Filesize

          512KB

        • memory/2184-52-0x0000000002480000-0x0000000002500000-memory.dmp

          Filesize

          512KB

        • memory/2184-53-0x0000000002480000-0x0000000002500000-memory.dmp

          Filesize

          512KB

        • memory/2184-54-0x0000000002480000-0x0000000002500000-memory.dmp

          Filesize

          512KB

        • memory/2184-55-0x0000000002480000-0x0000000002500000-memory.dmp

          Filesize

          512KB

        • memory/2184-1-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

          Filesize

          9.9MB

        • memory/2184-58-0x0000000002480000-0x0000000002500000-memory.dmp

          Filesize

          512KB

        • memory/2184-59-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

          Filesize

          9.9MB