Analysis

  • max time kernel: 149s
  • max time network: 108s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240426-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 22-05-2024 20:36

General

  • Target: 3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe
  • Size: 2.7MB
  • MD5: 6c65acb2269366afabb36060087af761
  • SHA1: c72e3f26ecba28352b5b3fe7a4e55817e5956e48
  • SHA256: 3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633
  • SHA512: 4fb57482da7b5de67719c41b227bf0bb1237f99830491a5c9e217e82278063a6fae09ec6a3fca3a0d433be3940b626987bb9d7c1f7bd7d3de5cc1556a99920fd
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB99w4Sx:+R0pI/IQlUoMPdmpSpd4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe (PID 3260, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\3a064e72f7a39a967bcdb3931d935f9cd98b9e5e39e8a02b3df87eaa8dbdd633.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • Child process: C:\SysDrvJ5\abodsys.exe (PID 2388, depth 2)
      Command line: C:\SysDrvJ5\abodsys.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
    • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1
  • Privilege Escalation
    • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1
  • Defense Evasion
    • Modify Registry (T1112): 1


Downloads

  • C:\GalaxC1\optixec.exe
    Filesize: 1.5MB
    MD5: 8e32b8f2c76acbd24f0e95882a9eec2b
    SHA1: 0820f7a965ec1173c97910b63954b488a53a5f40
    SHA256: 72bc23c2776a0a9b7b257fcbc6a85bc23443678a740f02146ec2e9d7aa923657
    SHA512: 3845588becd1ca30bfd6ef7bda38b40d631724f2d1270ec8c6266fb4a01e85cfa09099d4e73f171725db435f6de5d87d3f7376a77cb20a59d284b5f7118824dc

  • C:\GalaxC1\optixec.exe
    Filesize: 2.7MB
    MD5: a61cd39fb7126076b7729de07c33212b
    SHA1: c80d50c481c89a9db8d362d64c3d320bce34988c
    SHA256: a2947502fbd8eff60a3ebc8e6f78201308c14a6db526e579794015eaf2370358
    SHA512: a302239b96b1b69a6f8cf6cef0bc0adf7940684deac4e0d2d21da09d66a96cff3fb511b411a13be5bc0048baebbe6acacca655a16ef9ac6593e5db5d676dd4d7

  • C:\SysDrvJ5\abodsys.exe
    Filesize: 2.7MB
    MD5: 1547aac6dcfada6bbc009a8f02f7eab0
    SHA1: e05adb4fcc8ca48372468caf648b3b31934a0dec
    SHA256: 79684500b52c80a84227b41b44424447c1db38dfe872440ff2306e7008f708e6
    SHA512: 44dc01ac3e8026c45c69b9a320cf63864e59ab5ea58bfff3eb6d5615e585caf9f82d5d52c5a219316973a04fe7486314763869ead98596c68139483c98d7752f

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 202B
    MD5: 559614bed0685b3601a58821f669ab39
    SHA1: 20ec9cd02933e94a624f025499f511e6440fd7da
    SHA256: 27d4606be60ee8e8ddf12fa32bba28b92edbf1ef5b094b238bd8fa0025b09613
    SHA512: cb628bf690c7252376bfabe7fb18f8c9abf1d55309ffe4a8576ba6e3f1dd28f54315b5501aab2d965c3c3bc916831cef8c5f7eb75d5389dae839dbb22bdbd286