Overview

overview

7

Static

static

3

c06fafb294...0N.exe

windows7-x64

7

c06fafb294...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 17:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c06fafb294f320ac15e676c109775500N.exe

  • Size

    2.7MB

  • MD5

    c06fafb294f320ac15e676c109775500

  • SHA1

    bfb4f6bba20b4ee45186e63a05b2c8d876fd26f0

  • SHA256

    5bb5cf1e5b4bebaa40bfdaf0ae38d1219e191b53a0c88c8e80833217d3cf274d

  • SHA512

    0c43d9ee0add00b98bb8daa16dd38452b9104843cdf4cdae0861bbdd688f8ce4639c1f668ebf61da0187214ecf3f477744b54af755ffccffb14911fa9ace16c7

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBT9w4Sx:+R0pI/IQlUoMPdmpSpX4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c06fafb294f320ac15e676c109775500N.exe
    "C:\Users\Admin\AppData\Local\Temp\c06fafb294f320ac15e676c109775500N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\FilesWR\xoptisys.exe
      C:\FilesWR\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:940

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\FilesWR\xoptisys.exe
    Filesize

    2.7MB

    MD5

    70940bee1301b3d9f01d193f15947e1c

    SHA1

    088029943a753c64cae0b8354033220a86f55a37

    SHA256

    987759d5eef322ec2f795ad6dbe584c9ef79a421422a01cca43c3d11fa6cb827

    SHA512

    39d6564fd7dcd0a1922eccc3d755643e48fc661babbf037701c8c1651c735294b400b6f7651a9e9cce0ce305088aafede3c603c1302c89a5fd3e172b024d5288

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    211B

    MD5

    645cc187252883e788b5a57c784fd516

    SHA1

    34f30a5cde55f3bcd40eaab72e1afa646972a618

    SHA256

    8349111585bb3e522d61f242b61741bad1a3922c733516017ab79013d0c2f5c4

    SHA512

    1a42042b3951a4f628c629f678b0e572268675fa494589b2cf4637d17b25388fdf82584f663fd172a573f9278718b92d16ca75d071f48a5b264d28190fa29a14

    Download Submit

  • C:\VidA9\optiaec.exe
    Filesize

    2.7MB

    MD5

    0b04d0a93a434834edd9f4fc1f678e3b

    SHA1

    f9d7781944513cacc6ec7a3fef4855f163c74d96

    SHA256

    a54d2389e82fb68a4061ce45c5b2f83b169e2eb1e4e4413e53f76ef3861a9b81

    SHA512

    0752325ba7b85280f000e63545c072e208331a58f5712825158b633f9bd6b87e90810f6632a54a92b432c0aa2a6960ba8d191b3754162290cd9ba7a8353502e3

    Download Submit