Overview

overview

7

Static

static

3

16880bdf21...98.exe

windows7-x64

7

16880bdf21...98.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    30/05/2024, 19:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    16880bdf21b5b257cdbe179aaaa37dc762cf31c437792de7170ff50efaf78998.exe

  • Size

    2.7MB

  • MD5

    4659b8ad52f99570acd4048d5bbb7a54

  • SHA1

    4dbc684a83e7b2dbb20d0f8d40344524344223e9

  • SHA256

    16880bdf21b5b257cdbe179aaaa37dc762cf31c437792de7170ff50efaf78998

  • SHA512

    f827d650ce88a845b81f80dd36c251209c128e6291e3a10e610a648be6d12e2b12fbf23946b561490aa923b623c20f1317638d2394725ebbe21d09f6f909ea93

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBk9w4Sx:+R0pI/IQlUoMPdmpSpK4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16880bdf21b5b257cdbe179aaaa37dc762cf31c437792de7170ff50efaf78998.exe
    "C:\Users\Admin\AppData\Local\Temp\16880bdf21b5b257cdbe179aaaa37dc762cf31c437792de7170ff50efaf78998.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\IntelprocJK\xdobloc.exe
      C:\IntelprocJK\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2064

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\LabZTC\optixsys.exe
          Filesize

          2.7MB

          MD5

          befe25e07cb6379103661d79a0cdfae9

          SHA1

          567b3cc3533ba3708a95bbf689ea2d3f4e196c99

          SHA256

          ecc8c3d07392215707ba107a47cefca4c17bea4d37c6c75b95c0f516c8beda15

          SHA512

          f536d4d09fed8b3682416e779d8cc0c38045de985528b0f2077e2775ba9ba20d60aeb76d97c46b0bb665c5c7cd1de4bc7e31e7d7a9b19b10975eaed36a008b51

          Download Submit

        • C:\Users\Admin\253086396416_6.1_Admin.ini
          Filesize

          205B

          MD5

          67a97e7a3205db9c2b2ab9ec0b97f7b4

          SHA1

          5d541fa234b5f5e3950408c8dea8b9309cf73aa7

          SHA256

          723f0ae9f2fd8156e4fc7b64ad8cdc6f06c015d07322ad8d3365ac0598ae4b18

          SHA512

          387fe6ad27397ad732e6992213f481e665efae1e6395c373a030d4bb2aaaf6cae5f95907be39a5f2d3793e5d05239f9b01ac43827be46c30e82b023cac4377f4

          Download Submit

        • \IntelprocJK\xdobloc.exe
          Filesize

          2.7MB

          MD5

          5a0497dc9925e13ad2bbfa348c4ff616

          SHA1

          ee3c29e13a2fdf5c9e59f61be3dc3d16a6775edc

          SHA256

          55dfdd92ea279d4cde7a0ff50d19e3e9117ac49620da1c455ec2cbe7a0ed3ecf

          SHA512

          d048f3209bd4fef318c1c3675cd8459c34a168c23f80afa472aa3c18db9fafd2ad329d82171572207558f4a92c0eaf6b54effa7f652ecef6115962753f81fbbf

          Download Submit