519f62e5f0b5d7a84c11293dda4cc6b1ca8754da2ae8acbcb071ac3c504df158

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 06:00 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ace6863c81d58befe9ea56bdb58230b.exe
Size

2.7MB
MD5

3ace6863c81d58befe9ea56bdb58230b
SHA1

bffb460a239735ff0558a1980a6c4ed9d06f30e9
SHA256

519f62e5f0b5d7a84c11293dda4cc6b1ca8754da2ae8acbcb071ac3c504df158
SHA512

5fc70f284c28e39eaf03572840c1634991b60b0c254d5cd6760a2f0f920169c5bb0ed9a219a328f0babec074a87859e774b1f5c8a588910cb9f659851f2084ee
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBS9w4Sx:+R0pI/IQlUoMPdmpSpk4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
848	devoptisys.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\IntelprocY7\\devoptisys.exe"	3ace6863c81d58befe9ea56bdb58230b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintND\\dobxec.exe"	3ace6863c81d58befe9ea56bdb58230b.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
848	devoptisys.exe
848	devoptisys.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe
2608	3ace6863c81d58befe9ea56bdb58230b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 848	2608	3ace6863c81d58befe9ea56bdb58230b.exe	89
PID 2608 wrote to memory of 848	2608	3ace6863c81d58befe9ea56bdb58230b.exe	89
PID 2608 wrote to memory of 848	2608	3ace6863c81d58befe9ea56bdb58230b.exe	89

C:\Users\Admin\AppData\Local\Temp\3ace6863c81d58befe9ea56bdb58230b.exe
"C:\Users\Admin\AppData\Local\Temp\3ace6863c81d58befe9ea56bdb58230b.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2608
- C:\IntelprocY7\devoptisys.exe
  C:\IntelprocY7\devoptisys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:848

Network

DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

28.143.109.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.143.109.104.in-addr.arpa

IN PTR

Response

28.143.109.104.in-addr.arpa

IN PTR

a104-109-143-28deploystaticakamaitechnologiescom
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

204.201.50.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

204.201.50.20.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

17.160.190.20.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

28.143.109.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

28.143.109.104.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

204.201.50.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

204.201.50.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\IntelprocY7\devoptisys.exe

Filesize
2.7MB

MD5
ff2b5d1398c76fa06140ca0108248b54

SHA1
848b2955191ed28942300e4a374afadbca747223

SHA256
01fecc8d52b1852c08ffca3064eefe439f6a54b5a6e35456c644737fa6062361

SHA512
ecf9e44cf79a4357bae6a074b50eda311fc1529273dce476dbe4477ad30c6ab7c6075faf76a16d6cbaed7bd82b3d04f9c5aa47628b510fd3f759d5ada8043142

Download Submit
C:\MintND\dobxec.exe

Filesize
121KB

MD5
8a15d9ca21773f1b87580a7fc4c7cdce

SHA1
70bbe40551a5a2b22e1eb2c3100bd9c5cbb1fa29

SHA256
9de4ca6e37cde8f6b9ee8109b31d08160372503a0dc7413a17731fd66ec6a67b

SHA512
b5d7deebe3bd625cd4066dbb2b81ee082e57a05ee7c92e9d43fc1cd94b49c6d398fa0e954d9df48fbeb5ff744c5e9eb3e4e4d5fb45eb067effe7619765c37d35

Download Submit
C:\MintND\dobxec.exe

Filesize
2.7MB

MD5
9accc9e250e6602eca8a8f4210525d20

SHA1
75ac271dd212bd8f7e398280ea22867836ba4d2e

SHA256
4f9937c7d1e57dfc1d9825f6ef42ffedd92a35560759f73d1d6222e5e8bd5f4d

SHA512
c1582346ff2d544201f4dcabdcc7f45b86d354cebcdb49db9c69ca8b6bc95b6d33b7a4886896553fcb7b80ace0425ee9302ece6758936b2ce4bf03e3f05f6888

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
206B

MD5
d85a3e9b82c116ee53aabe5a6233f62e

SHA1
8b07915891177874b3de8e8d5080938b25896d78

SHA256
6fed4bc845ae40aaea7aadaf03e7ec593c643ff9465a21beeb34a59b2fa43ca6

SHA512
126b0b75e9b25b49c6da5e58bd0b2788cc1a464f860e4f66bfa9c1b27002e7ac8c0c2e8247b55469a67510871ecdc9b8bba91ab9cb3c34707e6c90971876356d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.