Overview

overview

7

Static

static

3

c4c9d72ab3...5a.exe

windows7-x64

7

c4c9d72ab3...5a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/05/2024, 03:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4c9d72ab3d449194f95ae658cadfeb7c9910ef83c51fb6f2da28f551f49c65a.exe

  • Size

    2.7MB

  • MD5

    5159bdf8ccd13037964397a7131eeb1d

  • SHA1

    1106e872428ce3fd3a0fc6998daaedb3d6e23971

  • SHA256

    c4c9d72ab3d449194f95ae658cadfeb7c9910ef83c51fb6f2da28f551f49c65a

  • SHA512

    a6fc43e0faf5e4df022f1bee6d75d8236ea19d872be7ccf29f23438a76c89f34461f8e166b0a2269b5d41b0f6570ea03105628563644a36ccebbb709c7625ba6

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBS9w4Sx:+R0pI/IQlUoMPdmpSpM4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4c9d72ab3d449194f95ae658cadfeb7c9910ef83c51fb6f2da28f551f49c65a.exe
    "C:\Users\Admin\AppData\Local\Temp\c4c9d72ab3d449194f95ae658cadfeb7c9910ef83c51fb6f2da28f551f49c65a.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:768
    • C:\Intelproc4O\aoptiloc.exe
      C:\Intelproc4O\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:5100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Intelproc4O\aoptiloc.exe
    Filesize

    2.7MB

    MD5

    fc3ca7a49e853c95e31447c1f90cb9af

    SHA1

    6573821615c28758ded88c749c2125f5fc024c05

    SHA256

    361c57ac2f569e2ad9181de64d27c0adb45d5d607cfac4332c8df539ddcdce6f

    SHA512

    2d8e57469fceb844a368df476790657aa45f275d0327b4123e8cd55a56a337d3ad82f430d41ab1d3b5dcd7a19d04918b90accc62de2c099c34e8995532c138cf

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    205B

    MD5

    473eae303efede9495ba329f450f9d6a

    SHA1

    3f3870b31d1c46e9f487614a5b777b306c6979e6

    SHA256

    b50bc2e77a78a9079a4470f973961f48e1aa3e3b98eaeabe48fa87731cadd4f6

    SHA512

    47a7b6771809491051b0afd8d8d1f509e354b51b03bc5dd677444c80bdabba1ca3b6d129b00821ba25f9c817b94c872af947afda0e9c0e104dfdebbd71bb1b12

    Download Submit

  • C:\VidQF\bodasys.exe
    Filesize

    93KB

    MD5

    e4f4079f6e68b8e7472dcb811d870b59

    SHA1

    1876edef1fe5b77e492efd084ebef284cf4e02f6

    SHA256

    35ae9b4b4c5e6fcf12e2b050bbad48d212048c79647a7d1a1dd76775b5e010ae

    SHA512

    3c0017a74188a95ee68509b96a1f19bbb19f8b7edf63b0d199b3c476e89367f6e6655fc6d3c37f7fddfe1f1a7852e55d7b995371b3aab0ec57d27f456dc52f52

    Download Submit

  • C:\VidQF\bodasys.exe
    Filesize

    2.7MB

    MD5

    bbb5842d357fb0466c3819049fe3a3cc

    SHA1

    1024a05dd4d011dba8863ed2c934a3fc4dca7353

    SHA256

    2a67338eed487106162c082c1529c4328d2aa4189ca1a5b0670359c3d5640b0c

    SHA512

    a72e4ff4bb514e90480da2a6548ebb73150bc94ad946c4f66314720763d2a0d1e26421c5c8c31c79d06d797562deb82132c009a2dfa8a6ffb26a74bc167fa953

    Download Submit