Analysis

  • max time kernel
    119s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/08/2024, 21:59

General

  • Target

    150cafcb48071abd1d1f06d890a3b650N.exe

  • Size

    2.7MB

  • MD5

    150cafcb48071abd1d1f06d890a3b650

  • SHA1

    4e45e62dc0537258cad375b160895c5194fbdcfb

  • SHA256

    487d1887468e42df7b8383012f99277fcbbcd2a88815080ccd22620b5fb54d96

  • SHA512

    76926e6dded63c486a3b57c1462b3343cc78d86bf609cb19c4723097fd7b1689584a99ad4cee771e961b311279486060ecfd7b0a08411ab7442269575274cc24

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBy9w4Sx:+R0pI/IQlUoMPdmpSp84

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\150cafcb48071abd1d1f06d890a3b650N.exe
    "C:\Users\Admin\AppData\Local\Temp\150cafcb48071abd1d1f06d890a3b650N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3464
    • C:\FilesJ5\aoptiloc.exe
      C:\FilesJ5\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2840

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesJ5\aoptiloc.exe

    Filesize

    2.7MB

    MD5

    3cde01dd5321669574f18adf19a59d1b

    SHA1

    da7ff738d947471abf86b47a1034a527133e3b99

    SHA256

    be471913593592068eefb4ba9af5466ffd443e29be6d9fbda2d68a69f49acecd

    SHA512

    e507961b59dafd99516ed14b4b4f95d7d1519eb826204bec0cf0e1399b37ada606b2faf92d843850468663d52fb3a8233cc1cfce5d975cd6da78d668ffad1351

  • C:\KaVB9Q\optiaec.exe

    Filesize

    2.7MB

    MD5

    648f88c32b772a29d0c3cd826b0e4361

    SHA1

    adb9df0952f4a54ec7bb57bb1f45c8c5c252c334

    SHA256

    15d3a1630e1c3fdff00670701a35f94fefe9e0bb974320d63677154f03510ef8

    SHA512

    27101204ad11183c5fbba63503064d41ec8cb2737c2a1f836f2a2c2a0dd75bdc69860d8430353788aebed65e6bfa9ab138aaefa040f45d6fc58772923d0cc75a

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    201B

    MD5

    3a37b2320d3f9df719fcdc5cdc27bf5c

    SHA1

    16ec830d87cae3d2a8ab6c6a396a2935b0d54b15

    SHA256

    21e18871979f23fc23d08fe85e50f8c0d6d43992f6557ec14fd441a160957a18

    SHA512

    d7f3fae46b3478e4f27a4c0a34973eb16f2cd43c6cc5aef73dee870c460ed97958e2e755586656054d06e1aeefbf50dfeb6d59f9da8e042c2abe75907a551751