Overview

overview

7

Static

static

3

751cafd747...21.exe

windows7-x64

7

751cafd747...21.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 02:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    751cafd7475c9e1e73acc2c0585696831cb2d8891085d30bf8c5fe7a0220b521.exe

  • Size

    2.7MB

  • MD5

    243c3f395dd317abc9b3f77a5eff6a90

  • SHA1

    a0917ec464cbe57f8cc3d296a6cd39e1818fc921

  • SHA256

    751cafd7475c9e1e73acc2c0585696831cb2d8891085d30bf8c5fe7a0220b521

  • SHA512

    1c0b0cf76ba7c133498a294b6000887db252f8e977a1f693dc1fb8ee0bc2b2d5a0ec39ba62a8937812a609d056cc1afe3ccceecee7dfd2bb6f206a450ad913f9

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBT9w4Sx:+R0pI/IQlUoMPdmpSpP4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\751cafd7475c9e1e73acc2c0585696831cb2d8891085d30bf8c5fe7a0220b521.exe
    "C:\Users\Admin\AppData\Local\Temp\751cafd7475c9e1e73acc2c0585696831cb2d8891085d30bf8c5fe7a0220b521.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Files5O\xoptisys.exe
      C:\Files5O\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Galax16\bodxec.exe
    Filesize

    2.7MB

    MD5

    2473fd694412c484deefe8b6b77cbd01

    SHA1

    36e8671991d2950a973a990cba19ea036188da15

    SHA256

    2ed874c7e649af3a1405ef7decd4a3a8f1d66b616e6cfd04dea0a7c9153b2ffa

    SHA512

    f7f34663cf9c13a2fff27c4b3cc86f896a083d25cf398aa289c2dfe3349f2988d2f66a61b21674bb6c1dee05d0b96170fa8da40946bb2d6754fe8b74e3ff10ab

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    200B

    MD5

    c58ebffe3317df94211186843f45e65d

    SHA1

    191020996da39c379175e7d5f56622f0fb09c55e

    SHA256

    6a26a52bb4ffa3c0475347522682b56985e01f59c3d3420478db0b16499ff23f

    SHA512

    b2d819495c9764a805401ad233ba9e9e26ebfffceadb3606e86c12065087cd03b5576989951bb9c9ed035dd9959d97f53099bf0540eb95fe18fca99637696c48

    Download Submit

  • \Files5O\xoptisys.exe
    Filesize

    2.7MB

    MD5

    f90662264d7eea89ef9d1068f7a20292

    SHA1

    b363f724203e95820677088551e86e21ca092f7d

    SHA256

    09dfc1a552c82eadb4f037a472e75e1362bfd814a3c81a505cb9fd36ae5f6fcc

    SHA512

    632582e9a7c57aa48543b91c4b9fc6d6de4bba323f6106a0fd30e448efbc930d10a457eea28ec98982bf7330a7af6622245f52ea0dfdcd46fb3558e606934375

    Download Submit