2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
Size

2.7MB
MD5

9dbb3a8072cfb242229c2d28d56150b0
SHA1

22544a33b12eb6d9019f5fb92ff86cee7f220151
SHA256

2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528
SHA512

b45cdb106188b97716ead9ab5e8dad6ff7497a6032d329f0ba4cf80e4c6f464b5f547e87e290286db3fcf725a70a4d7a24b720a29e4071f99bb53122f424abfc
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBh9w4Sx:+R0pI/IQlUoMPdmpSpF4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1656	xoptiec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrvXW\\xoptiec.exe"	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\Mint8T\\dobaloc.exe"	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
1656	xoptiec.exe
1656	xoptiec.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 1656	2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe	88
PID 2188 wrote to memory of 1656	2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe	88
PID 2188 wrote to memory of 1656	2188	2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe	88

C:\Users\Admin\AppData\Local\Temp\2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe
"C:\Users\Admin\AppData\Local\Temp\2f36519c55c3b420325de89afd7a5b14f0654d56c1c920df590719598a63b528.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2188
- C:\SysDrvXW\xoptiec.exe
  C:\SysDrvXW\xoptiec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Mint8T\dobaloc.exe

Filesize
416KB

MD5
482938e65455f16735dc82d051f845ce

SHA1
e4b6c3ab950c70a0427cc9f5fb39881929b92a73

SHA256
2802938284a7bc5b7486a8f8197b4b2e55a12fd4b024c0be199915d72d0509be

SHA512
1e7ad34cb060dbe09c241120ae25fba52fb3f87882bd19cb1b72bfa876a9fb7937afe4ad20d6852ec5199508aa8cca4348d2084b7026151f2d10f585ad338e1a

Download Submit
C:\SysDrvXW\xoptiec.exe

Filesize
2.7MB

MD5
4b4e9f7a57b219dab9e2a6742704d058

SHA1
e6e8e93660f80a60d9eaee0138c11616c745415c

SHA256
f21db32ec31d0eac3a803824ff982d1d5554abd6e7035e041f472bf469a33e99

SHA512
13ff4907ac5623182bbd4b04f759538c92915fb25136c0f0f60c83106aab51878b97700cc5f533e41739990970eb1025c048e8b8e6eeab9e46b3c12fcb708f74

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
202B

MD5
8b614e3a4b0f66ad5e77f0c77a3ae9be

SHA1
1e287a26bdbead47aed1934f0c9765b108afea71

SHA256
e52ea5be9c3b66398e8c58e625e57885ef529c614c64f8e400ef83c5b0ff7331

SHA512
ac877f2b0534482256b6a8d673630e4a4c28fdfc4a6f10a5cb8b9be21473fc9cd7fe2b4eb093db239e6f89eaf7692dd7ed9e8fd546747486c023450e3dc3ff08

Download Submit