9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f

Analysis

max time kernel
149s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
Size

4.1MB
MD5

70f25fa50930e26dc67fcd583f552ac2
SHA1

7c8bfe11778fe57c6e21020993aafd32b766871b
SHA256

9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f
SHA512

f7a9e856f5bf8b59119eaf0a1b7ab246eda0ac1a253b9318ba65fa104588032677c79e571ac74ecac532a47df5ef3cf39555daf046ee591f931a434b82ded777
SSDEEP

98304:+R0pI/IQlUoMPdmpSpl4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdma5n9klRKN41v

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
676	aoptisys.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesEF\\aoptisys.exe"	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintOV\\optixec.exe"	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
676	aoptisys.exe
676	aoptisys.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 676	2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe	87
PID 2356 wrote to memory of 676	2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe	87
PID 2356 wrote to memory of 676	2356	9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe	87

C:\Users\Admin\AppData\Local\Temp\9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe
"C:\Users\Admin\AppData\Local\Temp\9ed4726278bfe2739ac882cbaf132c233b1e4f73b2710a17eda2d90a3e272c0f.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2356
- C:\FilesEF\aoptisys.exe
  C:\FilesEF\aoptisys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\FilesEF\aoptisys.exe

Filesize
4.1MB

MD5
fb58bf701c2f22ef8626c79bf30865e4

SHA1
a06ff13bbd914f85bc6a971ff5bfe215001ca88e

SHA256
1d8afe0ffad2cd46141a27293ab0a16047c6d771713c60753467d9b8192dbb0d

SHA512
90fa06f0172b57a862498fb195dd25b05d104afd9769b2a99026e5d798583329b9ba362d1830c552a2b8e2905e392fa94bf5b541b31e8f886063146d71ce45f8

Download Submit
C:\MintOV\optixec.exe

Filesize
15KB

MD5
bbb72a49d33348f4b9d48c9ff6d0eaff

SHA1
525fb036947110ed4db3b869e50d575a11cfe6de

SHA256
2f142f254f096d13600df226aea208944d068e4f5d3911bbff669bc1ca9552a8

SHA512
ed4dad637f791395d85b207c0132b93916e3c69d08e1abfb6dab67939a18ccc223e20e583f06425d8128b7a08092a316dc29211f3c9639212c56208ebebef3b8

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
200B

MD5
fe0c89847c2632ba030de217a3392195

SHA1
db132052addd4a2e88f25a82c6e88bb1e4611ad2

SHA256
c9184dfe72fa65e1a1e6ed650fc8346c4e36b2ada798d5d2cf6c6f12a501e7be

SHA512
e09a81859f57238a689e429ade6706141d10d601e6542c0c5d3f550a5309754d8fa70b1db062a9452a5714d51e3c68a8aacb6721a40b9dd711899fa184124cea

Download Submit