e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 04:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
Size

4.1MB
MD5

11fb2b9a56fe08560d20068205322caf
SHA1

84e3394291b87e12528e0fa296db6941e63ff79d
SHA256

e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f
SHA512

ccaf431538471f4e37800ab2fc3ef3037e681c82f82b88bae74bdb29e3e351c4780f598ae33c6aca06b7e6f849109e44fdcdfeaf62ea7633fcec2975ebe30245
SSDEEP

98304:+R0pI/IQlUoMPdmpSpj4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmU5n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3876	aoptiec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotYD\\aoptiec.exe"	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidBS\\optixec.exe"	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3876	aoptiec.exe
3876	aoptiec.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 3876	3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe	92
PID 3304 wrote to memory of 3876	3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe	92
PID 3304 wrote to memory of 3876	3304	e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe	92

C:\Users\Admin\AppData\Local\Temp\e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe
"C:\Users\Admin\AppData\Local\Temp\e68b545af2b7ac43ea251ca000053585c54f81ecc3f1e783ae588ebb60b8113f.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3304
- C:\UserDotYD\aoptiec.exe
  C:\UserDotYD\aoptiec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:4460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\UserDotYD\aoptiec.exe

Filesize
4.1MB

MD5
e72d7684aa28f37ab419589f2ccb6bdb

SHA1
13ff4c20937843f814814215199db57ddea0492b

SHA256
fbf551ff285b771333c2b2b3f12880108bee8e240a9fda9cd14209a917b7214d

SHA512
553039f5d58486841db8058a3b6ed11f1626635c89978290703a7cbfff47307c89399d4e2d2e6576077aaf8a95ab46eedb01c80b71085e24678263e666fe18f5

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
195B

MD5
321adc1321d5496cbc48321d09646737

SHA1
4c5b76312f85ac5b526ecba9a5ee76ff2be0c6d7

SHA256
2fe463a6d7ef2198912f719f6611f2eb12dd7d41dbff94d1255be9ebc2d7ef2f

SHA512
68808692b448227bc14a5bcabd376b0591c4d80bdd7d32103598ddb93610b88825f3b2d463b8050d693431e3e2973e26c5b35f15193afd7dc65b957dc57d8109

Download Submit
C:\VidBS\optixec.exe

Filesize
4.1MB

MD5
3d9a7eac7ddf8b71d97b3ffb24a32963

SHA1
26d45f4769181312a7e3ca00d13b7658d2b59d05

SHA256
271a93cd8236e2d1e3f4ba4a0bfd93af0bdcf9211a433efb8bcc5bb44a78e038

SHA512
dbb4d945c924254152bc2bf34ad7e5bb3d832dd5f5ecf025bea411aaac51c392a48ca66a4c4ccdb96649f05984867797034d5eee6d236c43751f48442aab8d60

Download Submit