Overview

overview

7

Static

static

3

3a064e72f7...33.exe

windows7-x64

7

3a064e72f7...33.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 20:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe

  • Size

    2.7MB

  • MD5

    6c65acb2269366afabb36060087af761

  • SHA1

    c72e3f26ecba28352b5b3fe7a4e55817e5956e48

  • SHA256

    3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633

  • SHA512

    4fb57482da7b5de67719c41b227bf0bb1237f99830491a5c9e217e82278063a6fae09ec6a3fca3a0d433be3940b626987bb9d7c1f7bd7d3de5cc1556a99920fd

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB99w4Sx:+R0pI/IQlUoMPdmpSpd4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe
    "C:\Users\Admin\AppData\Local\Temp\3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\UserDotJN\devoptiec.exe
      C:\UserDotJN\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1804

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    207B

    MD5

    4b04c29f9c26192474bbe6a42a5e8f19

    SHA1

    9f93ad093a86b1b99bc856fc58909899c3449fd9

    SHA256

    097cbedfe8c1c992585ddd41728b59f40399fcd819268b283b0571d3ec02d79a

    SHA512

    60e454ef59d541a93ab0adaf5058f2684178f97c485bc37c2d9faf856cc439c3225b6bd254015e6c04f1edf0d200c0d2dc8d87ac4c72d8033de990a9c5e1b76e

    Download Submit
  • C:\Vid5P\optialoc.exe
    Filesize

    2.7MB

    MD5

    ecaa674380016a9d5261f74943d296f3

    SHA1

    b4af07355a099450b7050e541835a913f829e348

    SHA256

    caea8ef6708064e5e754f326f23ab64839e970709900650caa2b69779f76b43f

    SHA512

    51a1f4fcae06fd4c2acf144e867554007c0fb49f5d870bf9f45e8e73295c83c9a7dd475378a0af5e2cbd4de22d855224c8b5c7caf4982532b0a4387868ccc44e

    Download Submit
  • \UserDotJN\devoptiec.exe
    Filesize

    2.7MB

    MD5

    c56397fedf4bd3d77520bccd71a0c249

    SHA1

    28186681b7f5b141c50efc8e145d0249d8aca08c

    SHA256

    6fdb4d72f9caa6828be4340435391612ef2e2531031e95603bcfb3362d81d8bb

    SHA512

    1f3afb7cc41e1ba720d90fc6ff07e0f8198314c3955840294740610baf8b6741cf1faef87ff7ffc00ddd41c354048daabc10f73feaca9a3c6be24c5d324f9503

    Download Submit