eda2a26b9570c53d24526244696e50fb928e7675c26d8932142f2daf1a63453b

Analysis

max time kernel
119s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 08:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

85d3dfc4eb655921f8a615ffceb46fe0N.exe
Size

2.7MB
MD5

85d3dfc4eb655921f8a615ffceb46fe0
SHA1

5ebff1f5ff9630524bcf8c43db9777aa0e009c8e
SHA256

eda2a26b9570c53d24526244696e50fb928e7675c26d8932142f2daf1a63453b
SHA512

054fe4c42221f0e588a5a7f31aced74bd726b1d6616a683a2bd76397ac644656ae5cc552b34bd31b79910b05958f56412cf449de5817a704ef623af43c6ae568
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4S+:+R0pI/IQlUoMPdmpSp84X

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5028	aoptiec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBXJ\\boddevec.exe"	85d3dfc4eb655921f8a615ffceb46fe0N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Intelproc5M\\aoptiec.exe"	85d3dfc4eb655921f8a615ffceb46fe0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
5028	aoptiec.exe
5028	aoptiec.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe
808	85d3dfc4eb655921f8a615ffceb46fe0N.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 5028	808	85d3dfc4eb655921f8a615ffceb46fe0N.exe	87
PID 808 wrote to memory of 5028	808	85d3dfc4eb655921f8a615ffceb46fe0N.exe	87
PID 808 wrote to memory of 5028	808	85d3dfc4eb655921f8a615ffceb46fe0N.exe	87

C:\Users\Admin\AppData\Local\Temp\85d3dfc4eb655921f8a615ffceb46fe0N.exe
"C:\Users\Admin\AppData\Local\Temp\85d3dfc4eb655921f8a615ffceb46fe0N.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:808
- C:\Intelproc5M\aoptiec.exe
  C:\Intelproc5M\aoptiec.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Intelproc5M\aoptiec.exe

Filesize
2.7MB

MD5
ee38379fa0a099ca295ab5b8d394f236

SHA1
3df1ec462fb50ea460fa0be1d2f1f51ea6144897

SHA256
1522cc30894228e7403a533b2fcf639717e9b0ce1e3d5f51dd33c41c653e82bb

SHA512
8dda572d56f18bb44bf04e35cd0810fe337ee8cc3e9f5acc6cb573af437e62cf2080f2e06139b1574f11160a728f1c116802a18e4ad2e5a536befd3197538a59

Download Submit
C:\KaVBXJ\boddevec.exe

Filesize
23KB

MD5
1f3e629c426aa68422567442566a2ee7

SHA1
acf8aa1e9f648c29cda534e3910946aabaae0b9d

SHA256
c038e89ebd7f106b71be3474f1bdda82845d62736c0184e87779d11d03921153

SHA512
2e3b6668566917fa4baf395cf3e3ce8989c03b9415fbcdc4408f8d1ea8200b93039ac6c06d82351f4c041993a8d5382ee66eca5655e647449dfba5d8316912e7

Download Submit
C:\KaVBXJ\boddevec.exe

Filesize
2.7MB

MD5
d700d52d783921e180f059aef80ceb06

SHA1
f3bff22f0aca26f865ec22679bf22cb40dc1d8fa

SHA256
82b40af5d565edf3192a43fc2d2ab9ae648c2939995adcdfa0a6032ae4800a65

SHA512
6a2e00ae57079befca47efb81ece58fac6feb1eb02779dc3e73a85e9019270be90bfdcbc4697d7b8418c6754a51ee1fddda8684c5e85421094e1d916d0d5f71f

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
205B

MD5
1671fbb914acd6b5c7c334b1b6b78d20

SHA1
80e7aa26d429a9cfabdd53bef3b140650c76886e

SHA256
57ec208b4aa483f5aa61b1b58b3a3b65821c3878d6918d9a45109db846ff0dc3

SHA512
35143a44498d41784d653ec08420d073b03f70f75b389ccd7132b3a213cdf050a86f1319c4314c7c0cc1f75116232a7139b52e5df71734c85c2169ee7cd6ffb6

Download Submit