Overview

overview

7

Static

static

3

c4f2fc0376...67.exe

windows7-x64

7

c4f2fc0376...67.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-06-2024 02:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4f2fc0376ff24eb277058e9e8a90c430d390c4df069e2200e40d33bcb5c9d67.exe

  • Size

    2.7MB

  • MD5

    a7d4edb9a2ac8ba958edc0a9ad3b547d

  • SHA1

    54c614eb1e55f702ed76356807ebb176daeec325

  • SHA256

    c4f2fc0376ff24eb277058e9e8a90c430d390c4df069e2200e40d33bcb5c9d67

  • SHA512

    f7254734b15c528f8a45e6de8107c7e5dcb285aca1f2757212951a0f5272805c0d83f1f774af908598384f096540fa4e8b6435c6192b41439580c2e2a998ec78

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB99w4Sx:+R0pI/IQlUoMPdmpSpB4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4f2fc0376ff24eb277058e9e8a90c430d390c4df069e2200e40d33bcb5c9d67.exe
    "C:\Users\Admin\AppData\Local\Temp\c4f2fc0376ff24eb277058e9e8a90c430d390c4df069e2200e40d33bcb5c9d67.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:816
    • C:\UserDotKD\devoptiloc.exe
      C:\UserDotKD\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2452
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4320,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=1324 /prefetch:8
    1⤵
      PID:4920

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\UserDotKD\devoptiloc.exe
      Filesize

      2.7MB

      MD5

      d4cb9696ad3e7587dad64f3c2d9d7e27

      SHA1

      fe456b5f631ff465d67420da0b4603138190f5f1

      SHA256

      20b8928b3688e75010dc26dbb0ff3eb745e8240af2cee8c22220303e582b46a9

      SHA512

      7ac950d8d9595c9e70660ea9f33096a66d66d397d0fb3c299a14402b52a05ea93ee1bc30fae8c937fc6226e29894d73278376e61b719fd1437f88cd34f0e1723

      Download Submit

    • C:\Users\Admin\253086396416_10.0_Admin.ini
      Filesize

      199B

      MD5

      d1843de18d3fb22eb8a78e3a78a3c4ff

      SHA1

      9b1d031e9a4e6988e6f4a8f407edf5ee10e62a4f

      SHA256

      79e90db18a799a15ee8a7070a769a5765edb4352e01561b1b414122c1a041322

      SHA512

      b0ae641ac5171ce52f937510af318e858766b38d8ffcd5ed7bd16f5ac13a6f10da1324bca6a1bb62d401acc26c2b71e86603e6649102a6c7476bc6e3738a47d6

      Download Submit

    • C:\VidWF\optixloc.exe
      Filesize

      2.7MB

      MD5

      97b4fbdd7dfd26a3d6644a564e5fb797

      SHA1

      9fcd3fe0b46e8fd50e4e50080ab8b6a5af0b8b93

      SHA256

      ec582d4aa0d791aa9b63ea2fda9099630aee954f960c8fd2ccac6a0ef83718bb

      SHA512

      54ced7a7f5666c55b98c57c929d905bc7792c678576329921035c6d4d33b877bd286ac50bdc95e63cb72d37ad46b093b02c809dfc5be7c4cad31c44f0f416ed4

      Download Submit