Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/08/2024, 17:58

General

  • Target

    bb726c099bb776a6e091d9149d3206a0N.exe

  • Size

    2.7MB

  • MD5

    bb726c099bb776a6e091d9149d3206a0

  • SHA1

    bedc97b7d17174d804eb3c0ee3209486905be61a

  • SHA256

    7afef8a4758be5c64c1177ed2422b1a7f963a0bbf4ab98d264f1ac521c5681c4

  • SHA512

    4a6bccb4581860e98fae0521890440105e33c5d5e186f3affcb2110063527d985374ec6f7710aa3b1a36f1b51dc65078815c0ffc485f29365189fa933c279a52

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBZ9w4Sx:+R0pI/IQlUoMPdmpSp94

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb726c099bb776a6e091d9149d3206a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb726c099bb776a6e091d9149d3206a0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4536
    • C:\FilesZ8\xoptisys.exe
      C:\FilesZ8\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3108

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesZ8\xoptisys.exe

    Filesize

    2.7MB

    MD5

    83bc82f9699e9a8053b98e38a5b739b9

    SHA1

    4b6151e6c3dbaed3634df914e43cb85ba39423dd

    SHA256

    c33d04b38c0b46f9ad6bf3254effc6b4808c32221e733f78f9d28281f1296f65

    SHA512

    09e364d96f14ddbf61f5edc266ce7fa8265ff1f84b0b78ab2720bc98fc7e0850b72b81e72007857d53e88bf893a86654226626c2b8230eac81144c4a43ec070c

  • C:\Mint21\optixloc.exe

    Filesize

    235KB

    MD5

    b35300c5f9a10dcb5add53f2f66c9804

    SHA1

    8acdd436182c3feff02d0d438870e3411bace137

    SHA256

    881e1a9bc5414339862c118126f7bfbe52abbddeb5285f0c5dc69ec3fedd7184

    SHA512

    862ae14578ede4439d1260f7460db3aef6abbf3c76eecf1ddb5064f345600fbd6ebdadc413ec05bbdcf33443f18de6c175cc2412adf13a2457516d650d2e07e6

  • C:\Mint21\optixloc.exe

    Filesize

    2.7MB

    MD5

    6776ce88dc4f2415e1d03509279c15bf

    SHA1

    6d3f39d98e5f88449675357c49f6c34bad9c6248

    SHA256

    b8ebf1ba6c045211290eb25b7a2ed75f08c3da7b538dcba0657ce93d9312981b

    SHA512

    180e44ac188c10b6667a4823e2bd632b49212da02dcd16f335bb4b7a6521f3eb24132f62e9f2df861ffe339f20cba9d80f55f65e32f3028b43331ed97d7f0b63

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    0cf6775b4fad7cdb8d30f5fb51962514

    SHA1

    8833fc43d6938c18a37ab4f3cb976051cb39a8ee

    SHA256

    7214f9bde3dc87c876656757e2c0be27fd08e62d715596180561e510514da3b2

    SHA512

    0e784925fc37098eeaac9840871c50a249c34e921cfee9f98f7f2cd2375ea08af525d25bcb314a695826c3f1ff0df6e77f645ef333d33635f2da0d3d65bf0d4f