Analysis

  • max time kernel: 149s
  • max time network: 18s
  • platform: windows7_x64
  • resource: win7-20240708-en
  • resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted: 25-07-2024 18:14

General

  • Target

    032e898e9f9f9da801fd2abfafecd96d838de566e1a11d50c85ea6706371effb.exe

  • Size

    2.7MB

  • MD5

    04e0f8cfef5a9203f87a6e6f957e02c2

  • SHA1

    fb1c1486c3470892e3622966f6b5e2e5a9aeeef4

  • SHA256

    032e898e9f9f9da801fd2abfafecd96d838de566e1a11d50c85ea6706371effb

  • SHA512

    d520f08a8bc6949995c91383943877aeaa5bdb923a3063317f345192cdc423d52282b3489dba575e66f99cad296a067f80088b2654e347d72dc4963a027586ee

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB89w4Sx:+R0pI/IQlUoMPdmpSpy4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\032e898e9f9f9da801fd2abfafecd96d838de566e1a11d50c85ea6706371effb.exe
    "C:\Users\Admin\AppData\Local\Temp\032e898e9f9f9da801fd2abfafecd96d838de566e1a11d50c85ea6706371effb.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\UserDot6Q\aoptisys.exe
      C:\UserDot6Q\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      PID:2544

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    204B

    MD5

    4c7f6462d2c1e359f65b24df173ae856

    SHA1

    61328dcd907f2d7a4de6a181471f10ceaf425e54

    SHA256

    b8f8fdcc446bf19c085c0d99e4d4bedcdb4a8d82cc06ed859f6ed8286cca2f67

    SHA512

    e1efada4f50083358c6569f140a4e1ef152c685c6750796d8923312bab76ac47fd2ae1a8100e9671bc2d49d2a524b003b8539da81ecb8a8ab290c722ecac437a

  • C:\VidQW\bodxloc.exe

    Filesize

    666KB

    MD5

    4a8833936c3c858981599332be03682f

    SHA1

    7718fbb9cae726509094b9cb2ccbe3738441a240

    SHA256

    a456f41ef2ff06bbd8be81a3462c24ec1fc0481cdf96bedc5d3197d0a5538249

    SHA512

    202e7a3566df19411936e00f14e1733656ae4fbb26329bf8c0d870354b6f4151f04e5ca8d4f025e515f3d1a5b0f620e81ef585c6d9d3a94e47409a0026832150

  • C:\VidQW\bodxloc.exe

    Filesize

    2.7MB

    MD5

    b9562f2df8fbbe4b2ec515a44111fefa

    SHA1

    12353e62e9380436a2b6a579474489ea5802f031

    SHA256

    b7dfacd75e67dfb011adf6b8db4fa4a674ab04c11b799df5d9561b057edc5566

    SHA512

    13fcc7e905b13c399610c53fc3d014f6374c8840f27ab6d394145191050bb45885d71cb9b7f3b576c3c45d6790a05ebcd180143e313c2fb630395eb3e2a9094c

  • \UserDot6Q\aoptisys.exe

    Filesize

    2.7MB

    MD5

    6241e742ed7042a6a59c36694bbbc400

    SHA1

    12d722c9c22d50dc3fda4a928f59101010b57160

    SHA256

    656423c162697168b9878c6f94c68821013b24b43415238a4f28d39363d51bde

    SHA512

    c211e2e2d4125a3e91cff75084d3742271a400fbd5dd98bcbb0f0e64da7a4d27fcecab790d8dbde15cb2fb1fe44635660c0724e62aa72d18e267980a2cc9849b