Overview

overview

7

Static

static

3

179ca6727f...f3.exe

windows7-x64

7

179ca6727f...f3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 19:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    179ca6727f97a98d028ea98d2280f5bf58d1a8289208698a072cee6873f0fbf3.exe

  • Size

    2.7MB

  • MD5

    e9e77430a750d8a67d6d79b4613ac1b4

  • SHA1

    3e73a41f3f307fa30324c709579127cda31c41de

  • SHA256

    179ca6727f97a98d028ea98d2280f5bf58d1a8289208698a072cee6873f0fbf3

  • SHA512

    fb98d4b1eb529795221d857317a052079ce85f3e60935411419ee96e5b254477d1470579c2498c1dbf62f099a7a6813cb42ba18e723d5ab2bd0669ba9639b18a

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBX9w4Sx:+R0pI/IQlUoMPdmpSpf4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\179ca6727f97a98d028ea98d2280f5bf58d1a8289208698a072cee6873f0fbf3.exe
    "C:\Users\Admin\AppData\Local\Temp\179ca6727f97a98d028ea98d2280f5bf58d1a8289208698a072cee6873f0fbf3.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:700
    • C:\UserDotWP\xoptiec.exe
      C:\UserDotWP\xoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Galax37\bodxsys.exe
    Filesize

    2.7MB

    MD5

    588053686f61efe5e5a3e71faa4a1d4b

    SHA1

    913d5aba930e8dc3072f807285cf780ffda7101b

    SHA256

    f9d44e76f3d3b397abefbe18b3cb708f963d911e638e31de3a133192c630200e

    SHA512

    0d77f901e51319556955fc1d1b8a8a5bc67f62359f4097ea1f0ea3f5ed06d51864572f1d3b1468940f1ff3e81a6b953efd931ad19a638e1dc17176729554f6c8

    Download Submit

  • C:\UserDotWP\xoptiec.exe
    Filesize

    2.7MB

    MD5

    1bf40e8a85daf0506e0bdcd6f4e04738

    SHA1

    494c172c15f74481a21fbcc273f2e909fc0a5704

    SHA256

    ed87c7b8c011c1c94c0ebd116955289ae02fa0b7fcd70c43c4cd6726f91a26ef

    SHA512

    6b58fff8a0dae872e8a94bd70abebf1ec4df3eb1c8783b0c30e07f72d1dc1ed8685f69e5067e752a6af8f4b17865c2a6fd3e1d62732cb8b0445b7600d3e8e7f2

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    204B

    MD5

    018d519871aaaa102319ec8e3e5b0c43

    SHA1

    706dfb80be658ad0039ff4ea88fd067e657ca500

    SHA256

    2c43641981a96e715f3e84dd3f25e8ea324e4b589923135fb4a76718ff7a9882

    SHA512

    237fb9e7dfd1c9630f420f9e74b14044d291b7ec3dcd1f187bc389452bc01de779d04bee3e2363fc4f48e54bd255808b2ccd2801bc173e8ff8cfd2f97b72550c

    Download Submit