Analysis
max time kernel: 149s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-05-2024 01:22
Static task: static1
Behavioral task: behavioral1
  Sample: a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55.exe
  Resource: win10v2004-20240508-en
General
Target: a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55.exe
Size: 2.7MB
MD5: 031d97ac9ce9a3fe11368395edf8aef2
SHA1: c3dd9f745b537c319e9cf20e3b1a9f8c7c1fd9d7
SHA256: a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55
SHA512: 4a96780d432d4a1b7ad328eb4e0b5b6d89e79fb78b6109a0261986d947e5f3de5c928ddbe6731ba779a821d465ed9af06a060a6efe30513ca4bdfe92589029d4
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBL9w4Sx:+R0pI/IQlUoMPdmpSpH4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes:
    pid 2672  aoptisys.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Processes:
    Set value (str)  \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\GalaxF2\\dobaec.exe"  by a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55.exe
    Set value (str)  \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDot5X\\aoptisys.exe"  by a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  Processes: a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55.exe, aoptisys.exe
    64 repeated entries, each either pid 724 (a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55.exe) or pid 2672 (aoptisys.exe)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    PID 724 (a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55.exe) wrote to memory of 2672 (aoptisys.exe)
    PID 724 (a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55.exe) wrote to memory of 2672 (aoptisys.exe)
    PID 724 (a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55.exe) wrote to memory of 2672 (aoptisys.exe)
Processes
- [depth 1] C:\Users\Admin\AppData\Local\Temp\a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\a50a73c75501bcb20bebdc2972dae8bc41c48c619de60457890f26d62fa96e55.exe"
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - [depth 2] C:\UserDot5X\aoptisys.exe
    command line: C:\UserDot5X\aoptisys.exe
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
- [depth 1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3980,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:8
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
- C:\GalaxF2\dobaec.exe
  Filesize: 2.7MB
  MD5: 57e9a8214a64922e70eb6084bacbc302
  SHA1: e95278642015ec87538cd9c2ac08c303a4fbcf54
  SHA256: 16a0a78fc6dd4c0d315f557dde50813a7eaa0f2471a77f62732d0f1199b6003d
  SHA512: 3c934f350d729ccd39ac349dd4289fef989303ae34bd5b8c2afeb66ffb21b7d4ff1c5f631b301a141b294a8a2b33f5ddda6e004b7d0686be3d9967f23ffa04d4
- C:\UserDot5X\aoptisys.exe
  Filesize: 2.7MB
  MD5: 305ad9f6cf81c9b0989d57c3aae941b8
  SHA1: 1d056a91f31b2f2483de55f336dcef7ad081e049
  SHA256: 6dd6df4726dba04d50e8ea3d9a111bcdf27cdd57d0b927f92c4c42618b4e4e49
  SHA512: 8933c88a6d0160a736c75085accd9e3a2873c21e99f428bb4b53ce91bfdaa43128bf3e56e48483e63dec59ebded9c5eab87e7fef52de57b7ce3afed933556971
- C:\Users\Admin\253086396416_10.0_Admin.ini
  Filesize: 204B
  MD5: 425aabf6f05438cce119b47c9e5b2ca8
  SHA1: 8a0c203d8e9f1776073092f640584a650cf954e4
  SHA256: 2cdd2b5d50ce4ba37908ed4779b33b702cd80724023cd3959b6348437e3f1f3b
  SHA512: ab10338bb31163c63d50b36320be12ea0cbf369273c8764bbf175c24b055b5f15bc89c89dd1ffdee9c6f0797231dc6b8a5cae7569bd04cda664bd2a08fe3d0fc