Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/07/2024, 07:52

General

  • Target

    a45ddba4515226bd7aca276437b32410N.exe

  • Size

    2.7MB

  • MD5

    a45ddba4515226bd7aca276437b32410

  • SHA1

    bb56982f6797cbda98f78d4707e300fbc32e04f5

  • SHA256

    03dc811a3e0f51e49a34ae82faa3ed4c57efda48663b246bb5ae46ba6d51e08d

  • SHA512

    cf623d2a4e980428feaeccaf5e5acfec88df0b6234bc2e1a8f040734f107c959f8f5ce37a9d555a4a382c7bd582b2b7554026b67f6dd7991cd8adb2463ae581b

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBT9w4Sx:+R0pI/IQlUoMPdmpSpb4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a45ddba4515226bd7aca276437b32410N.exe
    "C:\Users\Admin\AppData\Local\Temp\a45ddba4515226bd7aca276437b32410N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\IntelprocPX\xoptisys.exe
      C:\IntelprocPX\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      PID:1004

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\LabZHS\optixloc.exe

    Filesize

    2.7MB

    MD5

    0413f752070afb68f4be0fd86a385f3e

    SHA1

    2091b61118799adf73393d3b7f94a250a53c41e0

    SHA256

    d5098815e030b9ca9ab2af46015be96ea153db18127044ea959a8da76e4c8ab8

    SHA512

    4ec57d056ac2c0dae085bd84efd124d4744eb60cbbd172dd2d97097d445ce420e2bb5502df5b25348d6d14ee725fa110a026f35c998055d5d7555a5fd5315e40

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    208B

    MD5

    c12aeb83d837be59f7f3402b041d40c7

    SHA1

    a2383f3991b0f88752532c2eabb1b6342a0c5329

    SHA256

    5ad2ec3cfc2c30916585d661efbe2d0f27fd50b25f8d322debce3c03839200e2

    SHA512

    07bb0eeff1906122d57d509097f902bc59238adf91d0d48a213d8091bdbfcc224589d67d523dc87683b84d5c4978adc49e9f01869c8805cddba8459d86221074

  • \IntelprocPX\xoptisys.exe

    Filesize

    2.7MB

    MD5

    d79c8d99b7653b60fd39e3b7e6929761

    SHA1

    c51bec5341194dbee6088ee2defe23708c6e3792

    SHA256

    177b42d85eef24f9eaccd461669683dd68e7f23828e0e643afa9a94c5f7afec6

    SHA512

    955a365abc9d021ad368ed07218ec5899dedd758dbf037d6e326a1710d711e2bbf6413883246597203b9f93a5256e082ddbdf747fd8fb9abc3d5651f29c09462
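The following PowerShell script is an added triage example and is not part of the sandbox report. It checks a Windows host for the artefacts the report lists: the two dropped executables and their SHA256 values, alternate data streams on them (the NTFS ADS signature), Run-key entries pointing at either drop directory (the report flags a Run key but does not give its value name, so the match is on path), a marker .ini of the same shape as C:\Users\Admin\253086396416_6.1_Admin.ini, and a live xoptisys.exe process. Note that the parent sample, xoptisys.exe and optixloc.exe are all 2.7MB but carry different hashes, so the submission hash alone will not find the dropped copies; the per-file hashes from the Downloads section are used instead. The drive letter for the xoptisys.exe entry, which the report omits, is assumed to be C: from the process tree.

```powershell
# Added triage example, not part of the sandbox report.
# Paths and SHA256 values are copied from the report; the Run-key value name is not
# given there, so persistence is matched on the drop directories instead.
$Sha256 = @{
    'C:\IntelprocPX\xoptisys.exe' = '177b42d85eef24f9eaccd461669683dd68e7f23828e0e643afa9a94c5f7afec6'
    'C:\LabZHS\optixloc.exe'      = 'd5098815e030b9ca9ab2af46015be96ea153db18127044ea959a8da76e4c8ab8'
}
$Findings = New-Object System.Collections.Generic.List[string]

foreach ($Path in $Sha256.Keys) {
    if (-not (Test-Path -LiteralPath $Path)) { continue }
    $Hash  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    $State = if ($Hash -eq $Sha256[$Path]) { 'hash matches report' } else { "hash differs ($Hash)" }
    $Findings.Add("dropped file present: $Path ($State)")
    # NTFS ADS signature: report any stream other than the default $DATA stream
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $Findings.Add("alternate data stream on $Path : $($_.Stream)") }
}

# Persistence: Run values whose command line references either drop directory
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($Key in $RunKeys) {
    if (-not (Test-Path -Path $Key)) { continue }
    $Props = Get-ItemProperty -Path $Key
    foreach ($P in $Props.PSObject.Properties) {
        if ($P.Name -like 'PS*') { continue }          # skip provider metadata properties
        if ("$($P.Value)" -match 'IntelprocPX|LabZHS') {
            $Findings.Add("Run value ${Key}\$($P.Name) -> $($P.Value)")
        }
    }
}

# The marker .ini name in the report embeds host-specific values (6.1 is the Windows 7
# version string, Admin the sandbox user), so match on shape rather than the exact name.
Get-ChildItem -Path 'C:\Users\*' -Filter '*.ini' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^\d+_\d+\.\d+_[^_\\]+\.ini$' } |
    ForEach-Object { $Findings.Add("candidate marker file: $($_.FullName) ($($_.Length) bytes)") }

# The dropped executable ran as a child process (PID 1004 in the sandbox); check for it live
Get-Process -Name 'xoptisys' -ErrorAction SilentlyContinue |
    ForEach-Object { $Findings.Add("xoptisys.exe running as PID $($_.Id)") }

if ($Findings.Count -eq 0) { 'no artefacts from this report found' } else { $Findings }
```

Run it in an elevated PowerShell 3.0 or later session (Get-FileHash, -Stream and -File need 3.0+). A hash mismatch on a present file is still worth a closer look: the report's copies were produced on a Windows 7 x64 image, and a different build of the dropper would leave the same paths with different contents.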