Overview

overview

7

Static

static

3

e401663776...3a.exe

windows7-x64

7

e401663776...3a.exe

windows10-2004-x64

Analysis

  • max time kernel
    31s
  • max time network
    42s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2024, 05:53

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    e401663776232f370bef70bf41239b6a7ac770c2a30e745e8c1544f2b5c4653a.exe

  • Size

    3.1MB

  • MD5

    2db79248b62e423980fa00b401d23287

  • SHA1

    2509b3140b447b379c11993f3b13e79f7b3dc70b

  • SHA256

    e401663776232f370bef70bf41239b6a7ac770c2a30e745e8c1544f2b5c4653a

  • SHA512

    99d58fd25001c803cc62d3c5bf5e90db8b98554dc756143eda0a39342f4aed8d24789980abe81e2b9608ba1c5a4d22ef3972dd11365f556e378220d42629125c

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Su+LNfej:+R0pI/IQlUoMPdmpSpO4JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 62 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e401663776232f370bef70bf41239b6a7ac770c2a30e745e8c1544f2b5c4653a.exe
    "C:\Users\Admin\AppData\Local\Temp\e401663776232f370bef70bf41239b6a7ac770c2a30e745e8c1544f2b5c4653a.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4736
    • C:\UserDotK8\aoptiloc.exe
      C:\UserDotK8\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:228

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\LabZO3\bodaec.exe
          Filesize

          19KB

          MD5

          45bfa8b293234e4c5f1a5510c4dae75d

          SHA1

          534935e16aea45384f7d4effd411e5ac6f9358f7

          SHA256

          119923dcafd0df546a0598d5da5dee39c82f77c699be29e3a899b0ee0d93b44b

          SHA512

          93154feba307145036a0eec79f98f547858ebfb4b788717ba1525dec8acfd5279150d5f6b1bccf1f1488e03598163fe6462a7fa4ae6cf3fad0f35723f0339b9b

          Download Submit

        • C:\UserDotK8\aoptiloc.exe
          Filesize

          3.1MB

          MD5

          9ff3c6649a830267975f7d061fd7ebc5

          SHA1

          114315787440d13851275e9da0ef41ff953389c9

          SHA256

          a3ffe6a0e8bf707e00c43994539c8714f046ff9b53d991473cfbead2606e56a2

          SHA512

          f276314b876671be90e5b62d3b5e845a10d8e42b2d240cbed6d5fe3f38a5219307fcb72be8b977b811210976ac1eb17c8fd2a08783120fe5e5e6a7300628445c

          Download Submit

        • C:\Users\Admin\253086396416_10.0_Admin.ini
          Filesize

          199B

          MD5

          073fc84652820471b8daf75787c452af

          SHA1

          04c24d172fb7352337d6db3159abbd036afb25f4

          SHA256

          db6dca79178a47bc1039b09a269ff55e7381d7d07a741f5bf6b4e029e72aa154

          SHA512

          34db4ae09166cd9c9de8a30999b8a33a0c858fa1fbfc80a8ee16f8f7da181a05e97fbf857247f553aea1b4e3ea95cc4701254094bc14f1ec8e5302c3a06e894d

          Download Submit