Overview

overview

7

Static

static

3

38273ab30f...49.exe

windows7-x64

7

38273ab30f...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38273ab30fde78c56a94bd024562a23abb0dabb439e5d0b095c474e44c0e3049.exe

  • Size

    4.1MB

  • MD5

    9001c37c00524efe8bc17d6d4d3bee74

  • SHA1

    c7ae34afd385c93bec1355f0f34d460d5dc43355

  • SHA256

    38273ab30fde78c56a94bd024562a23abb0dabb439e5d0b095c474e44c0e3049

  • SHA512

    6169b7fef9c0d81497a30afaddd5af8d608465b009ab54f39aab092bee538b7a590eb6d49a77d0f5532ebf16987f4bf9ecf23d91281ae6868d554c9940262aca

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpE4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmL5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38273ab30fde78c56a94bd024562a23abb0dabb439e5d0b095c474e44c0e3049.exe
    "C:\Users\Admin\AppData\Local\Temp\38273ab30fde78c56a94bd024562a23abb0dabb439e5d0b095c474e44c0e3049.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3912
    • C:\Intelproc4O\aoptiloc.exe
      C:\Intelproc4O\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Intelproc4O\aoptiloc.exe
    Filesize

    4.1MB

    MD5

    d1008c5405f94c42e93a158fd7f11911

    SHA1

    160456ab521baec61e652368ee344a52c53642a9

    SHA256

    eaec3a19f85f6b9d68cca54487be0accf95d663b77b83d3cd9c53208ccfd432c

    SHA512

    31c18800f05d2d81c6b8ba10b91274856c963837ab407b5fa1a8ec54d4802893a91b284621772d5559428ef2472ac923cb91674550d0c08a5ec1edf09c82bcbc

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    205B

    MD5

    1e1fc0fbb40258a73250c86033304135

    SHA1

    7f0a1f264564e6296c635610ace6eade24422812

    SHA256

    eb3128d5563582a938a1133b9c251a7e8e1784764021251d53ad913afdb10652

    SHA512

    5c0cf17e45d54b57153036d050dd67b3a48f37a16b547da3cf05869621aa340d27cace9a8942a53717c1138fc0fd8207cf16036f06f4f1426f7f6272cff57d6e

    Download Submit

  • C:\VidQF\bodasys.exe
    Filesize

    20KB

    MD5

    6bd8443c93a6406edcf5be3336c5c3b7

    SHA1

    6c0b306d3158b89ab61917e995d691f14cce29c3

    SHA256

    62b45c18456d395942dbe98e420a584a073887a123ab6b0d0eafc82779d21bd7

    SHA512

    572cb72aacabfc0cba7c895e30c73c8a087ac7ea19391d7e16447e38aec74a9194bff7dbb0b3f49bcedcfcc4f1ff29a2a2e981705fdb99883b807f9e58322c83

    Download Submit

  • C:\VidQF\bodasys.exe
    Filesize

    4.1MB

    MD5

    c167f180c7628aa3c1c033326fa3f485

    SHA1

    69270dfc6921ab90bc989271e8f9ab04c5474e20

    SHA256

    5875f624433eb58400c3d18e136e73aab3d2e8c5f85def88753b21d5392cf981

    SHA512

    20ac6661d0ef68b7c6f0913dc25556b98d6c07a37e8d6239f3e18140a36170a4efbf58c1c83674119a537a19b4216daceb8f3e0bb9aed938b2314a506305d063

    Download Submit