382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5

Analysis

max time kernel
150s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
Size

2.7MB
MD5

3d61daed083cfe0dea269ce8337655bb
SHA1

90e1a8a24d27a5ae607c7997fe68d2117bd5c6b8
SHA256

382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5
SHA512

4d6cb7b08bf61f5b73e35f48fbfd4085409167c5b54822a439fd34a6949a6948fec52fccf0d71dc2d369ddc357c841739553f1df7e92c2dbd1496cf7a6d5bd2b
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBr9w4Sx:+R0pI/IQlUoMPdmpSpH4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4496	aoptisys.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrvZU\\aoptisys.exe"	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\Galax5J\\optixec.exe"	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
4496	aoptisys.exe
4496	aoptisys.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 4496	2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe	84
PID 2112 wrote to memory of 4496	2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe	84
PID 2112 wrote to memory of 4496	2112	382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe	84

C:\Users\Admin\AppData\Local\Temp\382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe
"C:\Users\Admin\AppData\Local\Temp\382482bb7b557e5153f019bb8c90e6732d3f6815151ebefcb506c21013083ce5.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2112
- C:\SysDrvZU\aoptisys.exe
  C:\SysDrvZU\aoptisys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Galax5J\optixec.exe

Filesize
2.7MB

MD5
43e7007079c4f86c3daa8eb7adcb3d3c

SHA1
1b03684bf7f456cf5386eca205d8540c4704bc56

SHA256
da9698041682c6f34c969e469dae0b38addd6a9c3c0aa28a624d9113195ac651

SHA512
6610a87f35503c759eddf542e26d90c30d57b828a8fc2c8124bf141abcc2e88ef51df77c9a58490b319d75906d1a1d4840e2b72a0b6324138220f2a0fcbedb50

Download Submit
C:\SysDrvZU\aoptisys.exe

Filesize
2.7MB

MD5
40fc5f968d11ffdafa7a1150b6fc26b5

SHA1
56c52f80e65490988a8c01c77305062b054929fd

SHA256
d44e2d155b67a940456d8de6f79a692253c37f76467e79520c4f11fe7c33d52c

SHA512
a74b810d9bc97d8e0997485a0895ae12887e64242d69159e8d175776bd2d10b6a6d078e5280c0d386be73d040a5a50ebce5c09e2d667baf4cd65e2423d3ec72a

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
203B

MD5
15ed9e15220a7d37da0612b1e5c2deb2

SHA1
914243432972614c7764f7a426d3d089ccab83b7

SHA256
9be748c1c3c4cc685dd3ea13692b2c26aea0a90b3abf1b6391fdaf0b4dba7331

SHA512
cd9faf1631191f17094389f95a3dae25bf5c679bb0ed9b3ffea3b266b3fc92cbca921871dd86cf56e1b9a36e6f636cad3fca9c0fa6fc6e90e0edb6a7fc6af1b4

Download Submit