Overview

overview

7

Static

static

3

08c03a107e...ee.exe

windows7-x64

7

08c03a107e...ee.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 02:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08c03a107e01abe2e51a294473af5a9dc6a92badb0c28f224ded0b47076269ee.exe

  • Size

    2.7MB

  • MD5

    0e7bce639bd393d4a617ecc9aca895eb

  • SHA1

    4982239b2e18dd4587905436cd0e14770ca2c0c7

  • SHA256

    08c03a107e01abe2e51a294473af5a9dc6a92badb0c28f224ded0b47076269ee

  • SHA512

    10eeda7c7a19ad7c5a6150d02c7d2c520b820fa0e4aeccaaaf8394e9ad1d7fab54b5c8c5422672d3c760fba9b1beca8b40185b5b932730cf33dee072a12826d3

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBb9w4Sx:+R0pI/IQlUoMPdmpSpP4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08c03a107e01abe2e51a294473af5a9dc6a92badb0c28f224ded0b47076269ee.exe
    "C:\Users\Admin\AppData\Local\Temp\08c03a107e01abe2e51a294473af5a9dc6a92badb0c28f224ded0b47076269ee.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\SysDrv5S\xoptisys.exe
      C:\SysDrv5S\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1208

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBR0\dobasys.exe
    Filesize

    1.2MB

    MD5

    dadc37d391222d81bdaa3d3c024e3ec0

    SHA1

    8f6ba6f4fea588c9ffa905bb24b6851f305f6a9f

    SHA256

    448f7940257868ce48a79c6f6517f732d098053f4aad257f8c28a5fe9e743021

    SHA512

    8389757508c3e630aa566363550c30fb72a5593fd1cc482e2e8cbdac9fb0ff9b38a7839b03b4dc676ee87301b479139ee8aa59155e2b6671efc368cc7151fa30

    Download Submit
  • C:\KaVBR0\dobasys.exe
    Filesize

    2.7MB

    MD5

    3dd789c2d98985568668d9e01c8098f3

    SHA1

    04bfb50b2c8d3400d86f184cb49c655b5e9877d5

    SHA256

    739b4a625b7a82920874ba5cfb6a4175d3d1b778282e1e501ec28d12ffa89735

    SHA512

    a5873560dadc462dc4755daf8ba6e9dfab31417da25865aa4c0879c23dcedc5d8349c61b7a4eb46ce74074444c75ce2d640b5f7be119455a25f95f59baae6b84

    Download Submit
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    201B

    MD5

    f0810a139e3726d988e564030417f01a

    SHA1

    6de8f61c1f7fd7d552e2d9caf7d102acd970f246

    SHA256

    444e391d1896a3aea0bcc5562c1849e8ef8c4f10a132b66ff5d56f30d0f2bed9

    SHA512

    ac112730af5e138c1fc96493520b8d04c3e1164428ef03fc4571b4a6dfd80f7e128d922c976b0e6bd117d8268d322ecce83df9edb190a15b9bb003446dc0618b

    Download Submit
  • \SysDrv5S\xoptisys.exe
    Filesize

    2.7MB

    MD5

    820b9372908c4ad1ab6e1f9f215f97c5

    SHA1

    85ea0088761092f587246f23b626eb2330e0aeef

    SHA256

    58ffa6476dcb33176a98d2b4ecf5d378cc2092bdb4a3aceee1a487b1cc88d66d

    SHA512

    100129eed00fbddfbb3da331a5eafba85713ed57569dd1c4c6a4e494103a4ea6e351ba22f5e16aa597840dfeecc47fbf2d8749cdfdef99dec1c5359c83b06220

    Download Submit