233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
Size

4.1MB
MD5

48bbe0374e16d6fbb5c7f0a981ce3745
SHA1

abea5d1702b67b35f80262d01f97b05757564529
SHA256

233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591
SHA512

1df313b9176fea86afa81c567d035404a6020ccc486245c95cadaa805535dd47e491ecb41525cab5fbf1c39a071122a9283ddfd9e079344465b68a2be5a189cb
SSDEEP

98304:+R0pI/IQlUoMPdmpSp34ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmY5n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4372	aoptisys.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesEF\\aoptisys.exe"	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintOV\\optixec.exe"	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4372	aoptisys.exe
4372	aoptisys.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 4372	4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe	87
PID 4784 wrote to memory of 4372	4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe	87
PID 4784 wrote to memory of 4372	4784	233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe	87

C:\Users\Admin\AppData\Local\Temp\233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe
"C:\Users\Admin\AppData\Local\Temp\233a93d087f069b9e002382dac9985f0fb82901e75455e39aa81a3ad795fd591.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4784
- C:\FilesEF\aoptisys.exe
  C:\FilesEF\aoptisys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\FilesEF\aoptisys.exe

Filesize
4.1MB

MD5
60bf27dde608e75255a5f9037fce1da1

SHA1
912e1e293c611c3188980f19bd8b222200d0e571

SHA256
db54eb0fdb1b0636160f2630b27842ab8fd0dd6270335150dafd98f93a1714a5

SHA512
96c355e7ffbd3e56f760e17b3b3a4b05d87d05578cd967e3c566da1094286b5b529381bdd6beebe4b9908fa1c2399275aa071f0c4f82a806bcf7f46364008171

Download Submit
C:\MintOV\optixec.exe

Filesize
220KB

MD5
17956729d1b66a51c25c6164b73eac02

SHA1
96a0bce267e05d0e29a76ad2b6d2cbe7c0aee147

SHA256
aaad13d56cf0b25f1548772241722759f83267aa9f94721c88e1617c8e390ee3

SHA512
3959c30c37b85bcc3c0f7c118661503afb66db3d23d58e5bf1348ec983d760890ec690747b59329498eaca6939b19d59d1a58fa34c0cec6b10b2698cc08c8233

Download Submit
C:\MintOV\optixec.exe

Filesize
4.1MB

MD5
f180244e04cf9808728db8df8d7132f7

SHA1
814ea61bbb96f65a826e2974f1f769ff7c1168a3

SHA256
030d906e17714bf5ffbc23c56cb7a153347b7da54a0644428479642b68e0fde0

SHA512
6bcc9641d9c8a5b5c5eaa00e627f499b7bd94db2b3bca871e51ffcf45773a8de923ae7d2beafd8aa9944f34b8e1f8038551e24818119821a1beb85d1b896b3ea

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
200B

MD5
3be66bf9cd62b3c11387d15caf3582d1

SHA1
e3b3a18b375d4041af240573b904981d20e75e35

SHA256
86497f48aa2c0f0930e7ae807208e8cba68806502728a833af1ecafd11ed01ea

SHA512
836b2c81c845a1682a4b7f8d987ade3d380fe5cf618239f2be303c27fa4437f6b4d7023f5e39cb4ea219c9b3cd5e914a8e09af351a24c9d1e71e677b94c62d4e

Download Submit