Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
19-07-2024 11:46
General
-
Target
Wopti.v7.91.Build.9.115.By.MyCrack/WoptiUtilities.exe
-
Size
2.1MB
-
MD5
aacdb052b4adfc3e570a7a6619719c58
-
SHA1
028f5442c31a29f19cf837d0818d89f7d933e167
-
SHA256
81b87dd0a52d81cc0426dce1c26e9db39073bb28389ab24c0ec12ac4756c4c06
-
SHA512
f67e01fae7efc63852756a92815b313070bf2bbad63bc3b743e8f63b7532afb14205be0061f225249d88814b2c363077f8ecc9cfdf269ab188a3f69c1f2e33e7
-
SSDEEP
24576:kMguKLQHQ4rCdAZBG7N6wCRGTwjsOWsCMPqWJuOBveeBrv9KDxb020B9HEihsKmr:kMRBTnqN6wCREXpeJm2EiQ94nt7/q5
Malware Config
Signatures
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 24 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Wopti.v7.91.Build.9.115.By.MyCrack\WoptiUtilities.exe"C:\Users\Admin\AppData\Local\Temp\Wopti.v7.91.Build.9.115.By.MyCrack\WoptiUtilities.exe"1⤵
- Checks BIOS information in registry
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /C C:\Users\Admin\AppData\Local\Temp\romC6F9.tmp.exe > C:\Users\Admin\AppData\Local\Temp\romC6F9.tmp2⤵
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2c8 0x4ec1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
819KB
MD5fd256d9f54ba68c432aff9a36d43de35
SHA17820a28ab8d360886e84c2517275db2c0bfbed14
SHA2561ff1f3a34752e9b4a71cbe189a29c2ac19fe7faa1c56076e76e271a55a44b47e
SHA512e8069747f68032ef48afe80dec9edbdec8fc5ea041a894d751c9a8b65ee5eddec71d2495ef32c9f892a8c0f2ed501b3c4afa10f66a2ade7fb089bc284ed22c98
-
Filesize
22B
MD58526ab457074d902cb0840cde8db3956
SHA13faab54c0039e50b1606d462f8f38d49759ad9ff
SHA256579ae99e25c7b8222acf14f5307224912dfca20f465be7a66485f729ad1f8077
SHA512642c985ca4ac088e6bcafc4eb45e02f1b0bed2be405ad3d3cf1ee9e964da7c60a03ec0ea6ffe89f97646c63924e7bb6a053426b99dfc5f691bb3bb1e746b386f
-
Filesize
240B
MD53359a9e4e97e802bf2269be93d360f62
SHA163dc0d559cb8dc86168d902489f92b65861376ef
SHA25672b682830825f59cac469868288bb9a91a6674ebc0ff280108fbe76c714395ff
SHA512c2396baa8c14b90634d3b04cdfcaebdadede8377b114e8528f1174e7fdc39cb19032458a894db52ba9f42589822557af48823636737657fda97ca6a325a11838
-
Filesize
4KB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
692KB
-
Filesize
412KB
-
Filesize
412KB
-
Filesize
692KB
-
Filesize
6.2MB
-
Filesize
4KB
-
Filesize
6.2MB