Overview

overview

7

Static

static

3

d69af4da76...95.exe

windows7-x64

7

d69af4da76...95.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d69af4da762f2eb828fc54484b6314ff9d5bfdab81905cd4d16418219ba14495.exe

  • Size

    2.7MB

  • MD5

    1365b19a3a62df414e3cd95fcddb82b4

  • SHA1

    963039972f615392199252dab261cac0c2619193

  • SHA256

    d69af4da762f2eb828fc54484b6314ff9d5bfdab81905cd4d16418219ba14495

  • SHA512

    a34c5f1bf2924b8402e05404ff4295fa7fb0215f089bf3bc1d7104a6598e28088fcd0dddbbaef0335e9318b75eacd21a026ddf3396b0dc2e600d30a1d2a8bc76

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBB9w4Sx:+R0pI/IQlUoMPdmpSpx4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d69af4da762f2eb828fc54484b6314ff9d5bfdab81905cd4d16418219ba14495.exe
    "C:\Users\Admin\AppData\Local\Temp\d69af4da762f2eb828fc54484b6314ff9d5bfdab81905cd4d16418219ba14495.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\FilesRA\abodsys.exe
      C:\FilesRA\abodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintXE\optiasys.exe
    Filesize

    2.7MB

    MD5

    fd182c4851116cff23265bc8b4887c8d

    SHA1

    e1b07ae3110ba42b328105272fdbeec874053c3d

    SHA256

    94719cc523faa43f4536abe7bcab15a9403605aa48f5ac2b049a32f21e646567

    SHA512

    69b6f581203b47b9a1f6fd96879d08276dae384d0ad1f77b3b09c98ec047970da435a7ef1995b04374f484cddcea92ac61eabcde87d589fee55be8b73d860cfd

    Download Submit
  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    200B

    MD5

    10e53b5d229a125f05c38a2535588418

    SHA1

    1609a23511823dd94d007b95fa26372ebdf75450

    SHA256

    1a24de00d7a0240cd73a1daafe0e973cf9aa22f9eeea57ebb006565e5c6aa70f

    SHA512

    1a91fe2ce848ee15c8a78a791e02af57ef43b0145b4db9bbdff41d6ddc46131784006ba8180f3c1d4e7737a4333abd71b19a1c6614ca4311e53d6c909ab02166

    Download Submit
  • \FilesRA\abodsys.exe
    Filesize

    2.7MB

    MD5

    96f13bf78e3ecfc58930c13627c552f3

    SHA1

    2a4cd90b24698f2cea86998acf775f9d6f36b83c

    SHA256

    01c2525e311aab9890639356326236758278ffe1df1f5fdae866de94aa57fce1

    SHA512

    e22729aad3b03bab394b22b79bd047835687b91056fd49df2a9a50bd5a12abe9a500522197816ae2ce0c7f0f2e1228c6929a1d56648774cfea1999d97677cb64

    Download Submit