Overview

overview

7

Static

static

3

64363f0eec...0N.exe

windows7-x64

7

64363f0eec...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 11:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    64363f0eec45a82f2b14a782c95e8940N.exe

  • Size

    4.1MB

  • MD5

    64363f0eec45a82f2b14a782c95e8940

  • SHA1

    3a34f2387f757ad7a7966ba93fb4c14ffa61d976

  • SHA256

    d9d500bc0282395977b6fd62ce939eefd1398e1d2b3388a8200418a3f4f1ba86

  • SHA512

    0709d99c3a2579b19f9c2e96e5223a609e4bf4f568a5367b33c6699a5a30bf2ce9a38ddca9fb0d0e6d7bad8f8fe708c364cbb3ef7c6f6b2fb16e2d3b0ace2816

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpY4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmv5n9klRKN41v

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64363f0eec45a82f2b14a782c95e8940N.exe
    "C:\Users\Admin\AppData\Local\Temp\64363f0eec45a82f2b14a782c95e8940N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\UserDot55\xoptisys.exe
      C:\UserDot55\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2340

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\KaVB6H\optiaec.exe
          Filesize

          4.1MB

          MD5

          72c7082cd9a4f455b5fc6f937517c56c

          SHA1

          8bec15b66ae058c422ffc9d35cb0ce9eb633e5f1

          SHA256

          f94c83912018ed8b620b1d65a63ce6b8893c6ce1fe0ec10ba1d04f62e79409cb

          SHA512

          d117a15d206c20d478deb928b0ef0c5de7ee4d583f27611c4c6122f4b9cf19209b1f4b9312626f52c72c2c58c9fef20abd6bd90f846066577a105de2df0eb5ca

          Download Submit

        • C:\Users\Admin\253086396416_6.1_Admin.ini
          Filesize

          204B

          MD5

          2962cff18ca91af541d5936a8d3437e1

          SHA1

          ba38bbf7c8d5826e4da6ed13d22a3e113a66bf5b

          SHA256

          1a5e3cbadefe4b8408d35ea1f8860e9ff9815d31864cd59aeba6ef7da0464ab8

          SHA512

          b619b1cbc7e2f2d1e8b914a3420cd3fb5d9ab891054632c04596abc2d0118182f3701f41236464078707af5a8bf47f2bdc03ce2e292d8126347ecefff4ed8221

          Download Submit

        • \UserDot55\xoptisys.exe
          Filesize

          4.1MB

          MD5

          823ecf5e8e1fc8db85ecb993de5a4d31

          SHA1

          c709e68e40096f904b938d2d1424c65216d21987

          SHA256

          819ca8b75276aeb5d6f3d7ed4a060ffdb104bff6521d83a69bbac7c533292ecb

          SHA512

          a26ee7910dae6293c8a86ed90cdd9efb3358732edfd11eb115aadb636c08806c5f1897c003590b4f70282a9390c28da8eff647bcc42d9bb4ad8238307bdad303

          Download Submit