Analysis
- max time kernel: 149s
- max time network: 104s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31/05/2024, 22:24
Static task: static1
Behavioral task: behavioral1
- Sample: 614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe
- Resource: win10v2004-20240508-en
General
- Target: 614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe
- Size: 4.1MB
- MD5: b3948607d2225b191fec016577cec140
- SHA1: 582220e9a7808f1d0aa576e64adf2950b24e4bd1
- SHA256: 614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d
- SHA512: a6a8a6281f9e4eb6c36bba2bd04a2250fd67f7d4a2fa251d022fb022ee7bc63784562494f6cabdaec181278833f53116da34602c83fb1f562ca0f4be389a313a
- SSDEEP: 98304:+R0pI/IQlUoMPdmpSp/4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmw5n9klRKN41v
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  1344  devoptiec.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Intelproc1Y\\devoptiec.exe"
  Process: 614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe

  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZB9\\dobaec.exe"
  Process: 614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  4200  614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe
  1344  devoptiec.exe
  (64 entries in total, alternating between these two processes; the repeated identical rows are collapsed here)
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                                                   procid_target
  PID 4200 wrote to memory of 1344   4200  614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe  91
  PID 4200 wrote to memory of 1344   4200  614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe  91
  PID 4200 wrote to memory of 1344   4200  614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe  91
Processes
1. C:\Users\Admin\AppData\Local\Temp\614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\614ed683bab245503ded537e8f027944698a41490cb1b73b58df03639e05657d.exe"
   PID: 4200
   - Adds Run key to start application
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
   2. C:\Intelproc1Y\devoptiec.exe
      Command line: C:\Intelproc1Y\devoptiec.exe
      PID: 1344
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 4.1MB
  MD5: 5376a124b0af56101dc99d7534452b7c
  SHA1: 39a925a3cdbc01c9d4c10473b7800db6a2456c64
  SHA256: a2c5ad4c0ebc668b92ae5ae79da53b2c642f4d84617294dffac2c861c417d0ce
  SHA512: 6786a2cce406036049d02ecaa23839f96aa1796435f3cc0acb43daafb91d4c681e86d4c2f706d1323bb409965ace89db1eef2ab720cc319b362d24ff99243825
- Filesize: 17KB
  MD5: 0c9f693724040eb946cf0570b4191a45
  SHA1: c07f48eefda7d2d604318426889183d47f0b24e9
  SHA256: 8f559e4764a709d13201f431027e0515f77103ce5840d1050ff07d60cf893cac
  SHA512: b8baa3976a43fe4cb2ced6e52c4accf2ddc1cfae29ea7d4a58bd94e10cf0b8d23c8a9e8ae140c9a76695c50babe7164433b9a39dc1e766e0dab5fcabc2f9fc43
- Filesize: 207B
  MD5: c3548cbc17aa31659c6714023c6cc1b5
  SHA1: f46477a3ceed819a59093ed1ed3cd6448a5798c9
  SHA256: 3ff73ee9b5017deb32e354a13bc22a85f081bec96b4d35d7b02cc8016266f6a7
  SHA512: 8b7abb496492730a712a1198b36f85a3b9046304eefa4ff4620ea8ca5f7393fde12175b3211d2f2ebd17f7cf9d32f791a071b55f5e62018041b355fcf8dd8e8a