Overview

overview

7

Static

static

3

f715b76a3f...1c.exe

windows7-x64

7

f715b76a3f...1c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/06/2024, 05:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f715b76a3f5a9af6f08f68f1e337b9ad88944449a73d47152519c7bde3832d1c.exe

  • Size

    3.1MB

  • MD5

    f93989fe91432ab483ed3edda3d84814

  • SHA1

    c193cdc726c8d6a5eb1ff0fd626a988626f0a90b

  • SHA256

    f715b76a3f5a9af6f08f68f1e337b9ad88944449a73d47152519c7bde3832d1c

  • SHA512

    0664cccb61106b4481bfdfdf3e07ccfb0d8cc70e77e7ce80a13a7120eefb22bbc9a4297de6dadb8ff5a2dfdee647989bdb13b2dcc0937287398bd3ce229bebdd

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LByB/bSqz8b6LNXJqI:sxX7QnxrloE5dpUpJbVz8eLFc

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f715b76a3f5a9af6f08f68f1e337b9ad88944449a73d47152519c7bde3832d1c.exe
    "C:\Users\Admin\AppData\Local\Temp\f715b76a3f5a9af6f08f68f1e337b9ad88944449a73d47152519c7bde3832d1c.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3788
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2396
    • C:\FilesUE\aoptisys.exe
      C:\FilesUE\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1644

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\FilesUE\aoptisys.exe
          Filesize

          474KB

          MD5

          df048d9db6aa48b9879f99e6fb4f1552

          SHA1

          17967ffc43b2f69045161954fb7ca18ae0395aad

          SHA256

          53b420d22ea9f01a959086ff33ec23ab676e226e636443b7515b24846cb56c79

          SHA512

          60780e36aba568abb3f2464402ac102e46ae4b1052207bd7693f8a646f9d6cf7c298135268d3a352800c0fee0d0287eabed6962fe3a8752238afe058c806f761

          Download Submit

        • C:\FilesUE\aoptisys.exe
          Filesize

          3.1MB

          MD5

          2dd9975b5a61859c358407b30d8ea182

          SHA1

          d5e46f7204145ad3045e32f0003f617cf7be12c5

          SHA256

          4fb991baea3d18133ee4f9133abe748d5b6f745d436305f5a6d3475f716dccfa

          SHA512

          d5f5bd41aad0b71adb666bb08cf743b4e98e1000b35743513ab6e95d09e513664357a3fbc64b4b7a4abd675ed6829987d3c9486e584d43e9b2a04437b79fb880

          Download Submit

        • C:\Galax4E\dobxec.exe
          Filesize

          3.1MB

          MD5

          776162f52ff1492473b933af7b769b42

          SHA1

          8fdf6643f7404f8bd18a2b3786ca28b37b2ab085

          SHA256

          052052575781c2d07aa11d6de21869040ace59ba2d23ee471497db8975d8bec5

          SHA512

          8feee715ea2be92fea15e2b96073aa58f8438d8b60012478e9554ffea5825fe7f2487488f671d55f2dd265fa8bf891b0793296c740a91af9e48c769e7c7520f5

          Download Submit

        • C:\Galax4E\dobxec.exe
          Filesize

          3.1MB

          MD5

          44caa150b60dc5733f3cbce9941d85be

          SHA1

          d716527e7a7a6f33d1dbe3e91f79d8d8bd0d2c2c

          SHA256

          54b5795efe2202fe0c81e1998a120b063ac110819905f21f35b72c6e9723bcf0

          SHA512

          a854bb4fa3fdec0319549c1edba11a8e5210a8de397616961b1033845a7436d30d3582dfaf281914b8db604b6721428d4f4bcbdf6be924e2ffc6ce63ba65dae5

          Download Submit

        • C:\Users\Admin\253086396416_10.0_Admin.ini
          Filesize

          201B

          MD5

          ea58d40845b8e797fb3cbefc4eafbe8a

          SHA1

          a9132e3bc8ea26a19ef423d572440544b47cc593

          SHA256

          268d39212b3b88739db76d2b3d1f92f2b6b92dd92dc7fb6f61f083ab0c81bcb9

          SHA512

          5854d37755e05d76c49faab07c05274589eb8df14dae92aba5c956b1d335d5a201323b0684c3a5a8b654c76200b6865f16cb90eb18969fad1b0e24e587dd2c57

          Download Submit

        • C:\Users\Admin\253086396416_10.0_Admin.ini
          Filesize

          169B

          MD5

          5dfe1a4abc94c3ca155a2cb8a5d4b58b

          SHA1

          54adf2acea83fc203ef98cb7df35aa8ee87e83db

          SHA256

          4b8535a48876697c0eafc23ac6c3d04f4888e7dea462cfb4d44dc5eac4a62dca

          SHA512

          3ed3b303fd7644d8f511922b132d29d2e02ecb159ed0eca7ecbe7c2530c965882681ca448e316bae63261972046ec8840d34f347cbcec49da1f85cf4ba1d48bf

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe
          Filesize

          3.1MB

          MD5

          1c41523fbb55887af9cc287febbcc755

          SHA1

          3a1be74d366cce261fc5423d4c3df9a4e617e21c

          SHA256

          bfeb3662360a2aa2e602a187f45b2fdd88812c2f97dd38963cd49989e328d7cf

          SHA512

          7c4abd11ead01afe37848f04532442cb615cbb9dacf8cfe26fff8af9c6dd59ce3060a9ef54fedb6a62bac6be6f09fe38682109f6378653587d1c307fc99fe08a

          Download Submit