Overview

overview

7

Static

static

3

d69af4da76...95.exe

windows7-x64

7

d69af4da76...95.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 03:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d69af4da762f2eb828fc54484b6314ff9d5bfdab81905cd4d16418219ba14495.exe

  • Size

    2.7MB

  • MD5

    1365b19a3a62df414e3cd95fcddb82b4

  • SHA1

    963039972f615392199252dab261cac0c2619193

  • SHA256

    d69af4da762f2eb828fc54484b6314ff9d5bfdab81905cd4d16418219ba14495

  • SHA512

    a34c5f1bf2924b8402e05404ff4295fa7fb0215f089bf3bc1d7104a6598e28088fcd0dddbbaef0335e9318b75eacd21a026ddf3396b0dc2e600d30a1d2a8bc76

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBB9w4Sx:+R0pI/IQlUoMPdmpSpx4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d69af4da762f2eb828fc54484b6314ff9d5bfdab81905cd4d16418219ba14495.exe
    "C:\Users\Admin\AppData\Local\Temp\d69af4da762f2eb828fc54484b6314ff9d5bfdab81905cd4d16418219ba14495.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\FilesEP\devoptisys.exe
      C:\FilesEP\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\FilesEP\devoptisys.exe
    Filesize

    2.7MB

    MD5

    da64036504efcdc5651c7706eee49f02

    SHA1

    b456ccf20aede6760f29137d23484c4333fc9f7e

    SHA256

    205deb46eb59dc4c5a8b62ec2ea6b58bb96bf5dea76490f4dfb9d1d26b5132e3

    SHA512

    a10e6c4306ea94db635fa2d751ff04782e77585eb5466388829a54b07927bb683c792ed0c12c50de12bcdcca324b34a614814dd6a583b756c9814ccfad65a9ed

    Download Submit
  • C:\MintOU\boddevloc.exe
    Filesize

    2.7MB

    MD5

    65e046bb0e811b4ac617e503a944bc6c

    SHA1

    b3888637611e1036907ada7cf8c3a2c8fc4a6e40

    SHA256

    46ef9e12275856f5a6ac75dd1117beaf2d1fc1d0ca382d9920ea6aeb8f857073

    SHA512

    99ab3109458af216f8021e8cf4315442a29889a048bad698a4588b7edd46006a2979a8c404198b5c503c8a575647720acfc3ea71134218867990f74a1f29636e

    Download Submit
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    206B

    MD5

    1ace8f6584b8b0490d669dcffa037e65

    SHA1

    da417a08120c7d9f3845873c9eb78e8c1d7ec153

    SHA256

    4fe8aee9bb3fdb3c6fbad2abd47c26152f5bd14b1f9796135afa295386fe76db

    SHA512

    08fb78a630ddb65fc54076b5eda1298d92be315fde6c4760a640db76718511a1ab677762f76d8eadc9baf9bbfea64b144687ddf24ecff2ee1844bc151005366a

    Download Submit