0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
Size

2.7MB
MD5

a3c4741790b8449892e2cb5959a3764e
SHA1

00d17067d5f262d68fc434980d50c89efdb5406a
SHA256

0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562
SHA512

3927773d99e8b69bcb20e8d647da754ac411e1a394520512e2a2b41e804b6891da3238b448b4f1a7f7b6411b4b25288dc7410093805516f2989d855ff02b8173
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBF9w4Sx:+R0pI/IQlUoMPdmpSpB4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2704	xoptisys.exe

Loads dropped DLL 1 IoCs

pid	Process
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotJI\\xoptisys.exe"	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\Mint8C\\optidevsys.exe"	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
2704	xoptisys.exe
2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2704	2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe	28
PID 2040 wrote to memory of 2704	2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe	28
PID 2040 wrote to memory of 2704	2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe	28
PID 2040 wrote to memory of 2704	2040	0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe	28

C:\Users\Admin\AppData\Local\Temp\0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe
"C:\Users\Admin\AppData\Local\Temp\0e69c5e9f92a05742596c2efa3c6178ecbd1a125b8c43d087ded22c985dd4562.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2040
- C:\UserDotJI\xoptisys.exe
  C:\UserDotJI\xoptisys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Mint8C\optidevsys.exe

Filesize
2.7MB

MD5
88c026e75c533f70a739fe1ff037a033

SHA1
2f0f68ebd41ebe939dcbaf7719720d0b7d1a6818

SHA256
162ab8b4e636b3359f0e4d4dfe7473e611052933f14347ff601f472a1022f2a8

SHA512
494c75c1052d513e7deb5c89e0091bc7dbbd5ff45f24245d5d4870c07e558ab39b6a6f98f6078a5a27ef76608921867cf9f2c1f5d6e38e670c5f5f3be883c128

Download Submit
C:\Users\Admin\253086396416_6.1_Admin.ini

Filesize
208B

MD5
9fa62ae963588565badd44657fd8ac6b

SHA1
23c6640448060873467d407dd185e333787c7868

SHA256
4c7914e41de396c09e592f8af3c62edfb7e4b5a895d6f0d2f028278b34416b6f

SHA512
36a1e285154ae2f76ed1976d49cb750202a5c527d67fc2445b6309c3a2d7d37e707edbe515463cc0d3b0ef899b907ed78c447ec4e9dc75b583d8cd465c9ce1d8

Download Submit
\UserDotJI\xoptisys.exe

Filesize
2.7MB

MD5
1130f6c1a0c6ae05ba89eb6fd4a9ae9d

SHA1
6cd36e226c71eb39a2363f55b25a75ed22e53ac9

SHA256
d08b3e86d5155d505b884110073ed18e830641e47d2c5eabb053d13fe243c2b6

SHA512
09ddf9cdd437e085fa4ffd0078cb44a136150cd5ad287007acfdbe722effaf0c18e7213396aafcc6db093680861cda92d6cab44817105265733ee29b0d3e308a

Download Submit