Analysis

Max time kernel: 149s
Max time network: 108s
Platform: windows10-2004_x64
Resource: win10v2004-20240426-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 22-05-2024 20:36
Static task: static1

Behavioral task: behavioral1
  Sample: 3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe
  Resource: win10v2004-20240426-en
General

Target: 3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe
Size: 2.7MB
MD5: 6c65acb2269366afabb36060087af761
SHA1: c72e3f26ecba28352b5b3fe7a4e55817e5956e48
SHA256: 3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633
SHA512: 4fb57482da7b5de67719c41b227bf0bb1237f99830491a5c9e217e82278063a6fae09ec6a3fca3a0d433be3940b626987bb9d7c1f7bd7d3de5cc1556a99920fd
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB99w4Sx:+R0pI/IQlUoMPdmpSpd4
Malware Config

Signatures

Executes dropped EXE (1 IoC)
  Processes: abodsys.exe
  pid   process
  2388  abodsys.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
  Processes: 3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe
  description      ioc                                                                                                              process
  Set value (str)  \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\GalaxC1\\optixec.exe"  3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrvJ5\\abodsys.exe"      3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  Processes: 3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe, abodsys.exe
  pid   process
  3260  3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe  (4 consecutive entries)
  then, repeated 15 times, in this order:
  2388  abodsys.exe  (2 entries)
  3260  3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe  (2 entries)
  (64 entries in total: 34 for pid 3260, 30 for pid 2388)

Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: 3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe
  description                     pid   process                                                                  target process
  PID 3260 wrote to memory of 2388  3260  3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe  abodsys.exe
  PID 3260 wrote to memory of 2388  3260  3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe  abodsys.exe
  PID 3260 wrote to memory of 2388  3260  3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe  abodsys.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe"
   - Adds Run key to start application
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory

   2. C:\SysDrvJ5\abodsys.exe (child of 1)
      Command line: C:\SysDrvJ5\abodsys.exe
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
Network

MITRE ATT&CK Matrix (ATT&CK v13)
Downloads

C:\GalaxC1\optixec.exe
  Filesize: 1.5MB
  MD5: 8e32b8f2c76acbd24f0e95882a9eec2b
  SHA1: 0820f7a965ec1173c97910b63954b488a53a5f40
  SHA256: 72bc23c2776a0a9b7b257fcbc6a85bc23443678a740f02146ec2e9d7aa923657
  SHA512: 3845588becd1ca30bfd6ef7bda38b40d631724f2d1270ec8c6266fb4a01e85cfa09099d4e73f171725db435f6de5d87d3f7376a77cb20a59d284b5f7118824dc

C:\GalaxC1\optixec.exe
  Filesize: 2.7MB
  MD5: a61cd39fb7126076b7729de07c33212b
  SHA1: c80d50c481c89a9db8d362d64c3d320bce34988c
  SHA256: a2947502fbd8eff60a3ebc8e6f78201308c14a6db526e579794015eaf2370358
  SHA512: a302239b96b1b69a6f8cf6cef0bc0adf7940684deac4e0d2d21da09d66a96cff3fb511b411a13be5bc0048baebbe6acacca655a16ef9ac6593e5db5d676dd4d7

C:\SysDrvJ5\abodsys.exe
  Filesize: 2.7MB
  MD5: 1547aac6dcfada6bbc009a8f02f7eab0
  SHA1: e05adb4fcc8ca48372468caf648b3b31934a0dec
  SHA256: 79684500b52c80a84227b41b44424447c1db38dfe872440ff2306e7008f708e6
  SHA512: 44dc01ac3e8026c45c69b9a320cf63864e59ab5ea58bfff3eb6d5615e585caf9f82d5d52c5a219316973a04fe7486314763869ead98596c68139483c98d7752f

C:\Users\Admin\253086396416_10.0_Admin.ini
  Filesize: 202B
  MD5: 559614bed0685b3601a58821f669ab39
  SHA1: 20ec9cd02933e94a624f025499f511e6440fd7da
  SHA256: 27d4606be60ee8e8ddf12fa32bba28b92edbf1ef5b094b238bd8fa0025b09613
  SHA512: cb628bf690c7252376bfabe7fb18f8c9abf1d55309ffe4a8576ba6e3f1dd28f54315b5501aab2d965c3c3bc916831cef8c5f7eb75d5389dae839dbb22bdbd286