Analysis

  • max time kernel
    149s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/08/2024, 03:39

General

  • Target

    e00a5b48422b90514e2f01a82bf87f0a5edcd02cf19d8852c13aed6c2b3d0e4a.exe

  • Size

    2.7MB

  • MD5

    b88bc167b40ea67b29613337015bf387

  • SHA1

    b5a8e4760b405c85bb84d765533a72f7f1068416

  • SHA256

    e00a5b48422b90514e2f01a82bf87f0a5edcd02cf19d8852c13aed6c2b3d0e4a

  • SHA512

    340646f1e2ad5f760ee908d53b6f96bdc79d0c7ed8d071c1a2b12e8c9b9cd0e6e84bd94d173215c555bc997455c31fb6689e4d6ef605d61dfc13b3507264ecaf

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB/9w4Sx:+R0pI/IQlUoMPdmpSpT4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e00a5b48422b90514e2f01a82bf87f0a5edcd02cf19d8852c13aed6c2b3d0e4a.exe
    "C:\Users\Admin\AppData\Local\Temp\e00a5b48422b90514e2f01a82bf87f0a5edcd02cf19d8852c13aed6c2b3d0e4a.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1564
    • C:\UserDotHB\aoptisys.exe
      C:\UserDotHB\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2704

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\GalaxD8\optidevsys.exe

          Filesize

          8KB

          MD5

          18f9e5889b79178d8757b18c8d1b67d3

          SHA1

          e70ee94d53ceba1eacdea91d5af71a2203f08ea9

          SHA256

          187f66f9d8a67e69a32c5d0631666f1a7594d1207f37d94d421023d225ed6c14

          SHA512

          b64bd79cae188097cc91a99887efef58804ba8948745a6bba8e365bf023d7c107be2433b4b8f12720994b00e45c51902ddb1a9042db65adc85c64fea360b76f2

        • C:\Users\Admin\253086396416_6.1_Admin.ini

          Filesize

          207B

          MD5

          0b38cb165156cc10fc6eb35427f28c19

          SHA1

          fbc643577c8530cd830f81217287dc52d041c58a

          SHA256

          c449cf5fe95f56e2237d13739dd4bca31bd258034a5ff47a4fe8b915a36cee25

          SHA512

          4b84df206c81415efa4357efe1a6db3bc8a89773e57ea292a0d857f141e3b0c3ce4560ecf1797d807d61a8b3e84fe155b6ad770020910f72f175764a98c61fc9

        • \UserDotHB\aoptisys.exe

          Filesize

          2.7MB

          MD5

          d9dbf746a87e7a71fae6924060c15ae4

          SHA1

          94d5d7b7f4b529be35caf15935eee30e42abd35e

          SHA256

          089398669789223c5d34f4e62dcf5272f4b77df0dfb2378bc5adb04d685c6c40

          SHA512

          cb8142d3ac66928a41223791305edbb4d119b2f06567a24201c4f89b25f00dd5dbba8292d6b8df5df53a2870be123d52be04ad1f673cb7783b4beaf054e8a9a8