Overview

overview

7

Static

static

3

ca14e9a0e8...8e.exe

windows7-x64

7

ca14e9a0e8...8e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca14e9a0e86dd792b300cca4d949bbf02d281801a8ebf8bc8ce90c0a912fd78e.exe

  • Size

    2.7MB

  • MD5

    273e642d4691f49f50fa86fb22dd37dc

  • SHA1

    cc1a05ad460a2468866c039c823c1a0ad05287b2

  • SHA256

    ca14e9a0e86dd792b300cca4d949bbf02d281801a8ebf8bc8ce90c0a912fd78e

  • SHA512

    08f954cb4adcfa38c31e705a86cf69c9819bdedb0c81e855b51d435da2febc5f0d6e47d02855c49c2c96932b79875b5d0ad2bc226bac0411979a4274d4750d62

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBp9w4Sx:+R0pI/IQlUoMPdmpSpp4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca14e9a0e86dd792b300cca4d949bbf02d281801a8ebf8bc8ce90c0a912fd78e.exe
    "C:\Users\Admin\AppData\Local\Temp\ca14e9a0e86dd792b300cca4d949bbf02d281801a8ebf8bc8ce90c0a912fd78e.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\FilesBS\devoptisys.exe
      C:\FilesBS\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Galax5U\optidevloc.exe
    Filesize

    2.7MB

    MD5

    eedcccc94fc2fcabb4ce745805db99d0

    SHA1

    0b3e27159d23bfe838bad0438c09d404ce4e32b8

    SHA256

    e2472cd844a73bbcafcb7a697c2042c86b04678e1de9fe9e114a1ce53c379fc9

    SHA512

    1bf0d2a8eaa9baecdca3c8ed0360ed22eb1eacd65d6987f5cb144d3edcf95df4a7312d5c0ce68a06fec8e6547e3e225b33d3e12a50a53e6d07b92c79f5af9628

    Download Submit
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    209B

    MD5

    49b020cb6d59dd9897b54aca58a2b912

    SHA1

    365eae96b5785ecbbd354443cff3729f14400115

    SHA256

    d152e355a78002dd3b1f9f50d8cac8f8b9c0dcebac2f79f358383513926f1b5b

    SHA512

    e9d773dc13a787b6f56e6bbd8ea5fec9abd27a849c817e53c129dfec7777491397e0c18d57099752f27aaff03d67b9385945c0a4552f655a8b45dfd0747372ea

    Download Submit
  • \FilesBS\devoptisys.exe
    Filesize

    2.7MB

    MD5

    b43561c02528827b157caad1d613cf03

    SHA1

    97e14b8291c0853fa494124a996fb4d4e994f50e

    SHA256

    d8aaef38b04eb82fa72db4b66243282765fcd6458ced6ee23a4d6a52c9306203

    SHA512

    e91288fd5b7520d72674944eac37400aa0958ec94193c1c91e0a75dbc8fa96d95ca62a9a9e05da1dd01cc7ac0363aa0f9b58a7a83b623f658b01ea37489a69fe

    Download Submit