Overview

overview

7

Static

static

3

d62fec072c...bc.exe

windows7-x64

7

d62fec072c...bc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    12-08-2024 02:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d62fec072cbf4e1b69e229d744dd27c456fba36e4885d7ed8c8624e60605b1bc.exe

  • Size

    2.7MB

  • MD5

    17335fd3780df5075953e9e1bf3ab118

  • SHA1

    6ac5101a407e5f82cef7f8ea0ff4397b9ffe7c1e

  • SHA256

    d62fec072cbf4e1b69e229d744dd27c456fba36e4885d7ed8c8624e60605b1bc

  • SHA512

    8f54b131dc3191de78443fcf129b26d4ff6a9a663161a929d806f47fd5960e7656d261c0c14cb777f7bc2a1ff299f84cc9653c3ec01bf79cfd711519b4a20aee

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBY9w4Sx:+R0pI/IQlUoMPdmpSp64

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d62fec072cbf4e1b69e229d744dd27c456fba36e4885d7ed8c8624e60605b1bc.exe
    "C:\Users\Admin\AppData\Local\Temp\d62fec072cbf4e1b69e229d744dd27c456fba36e4885d7ed8c8624e60605b1bc.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\UserDotSO\aoptiloc.exe
      C:\UserDotSO\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:556

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxEQ\optiasys.exe
    Filesize

    2.7MB

    MD5

    247b0ef43e317bf1fe2dd83088e8e80d

    SHA1

    d15b5bcb8d17b806ca2753939e4f890faee78ad9

    SHA256

    7ba4a84d890cf8a6e74d0028511bc2f9ce092c2e02b7663499d11488180d6f2a

    SHA512

    02bf89b87dbdd4e78e8253b4930bac2bb6ae78f35815d77ca72b21552807c944b4a06b2dc2fd419039f62df972362ac6eca0038863fe20a08d09bd904720dcd0

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    b08ede3d5863d1adbb2a73ded516817b

    SHA1

    79a5126a0c02bd65899aac3522c9920c3803b807

    SHA256

    4ca8181903ade4758bdb6e8c7a963c0d78d702d76aaad0c3a6ae9f00156b2b36

    SHA512

    dae5d0513af4e9255560bba0ed8bfe72cd2bfa12df45f5902ab2236e7accb263c19486a6ace8cab6b42cf502704f6fcdf5d2c55ec9e400486ea4cb7457e69699

    Download Submit

  • \UserDotSO\aoptiloc.exe
    Filesize

    2.7MB

    MD5

    c4091d23757533d11a88cc5893621826

    SHA1

    6a1299437045e9e893a974fdc88c6284f22476b7

    SHA256

    18d08955df7b4af614e85979237c10f239f772f7352f507259b8d534980e1fce

    SHA512

    3060cd472a6b95c56d25cd63314df3b8bdfce95442872b4215d70844037272b02ef07103bf6cdbb3845d8c1cfe2cb6d20aa85a46bdfadc2c97e2585dd98f21c3

    Download Submit