Resubmissions
13-12-2024 13:09  241213-qdy1tayrdz  10
12-12-2024 16:44  241212-t88ehsslfm  10
07-12-2024 13:47  241207-q3h1wszjcn  10

Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 07-12-2024 13:47
Behavioral task: behavioral1
Sample: OptimizerPremuim.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: OptimizerPremuim.exe
Resource: win10v2004-20241007-en
General
Target: OptimizerPremuim.exe
Size: 5.9MB
MD5: 093a4722c9529c8418108a3b36fdbc50
SHA1: ad07e278be2d58cc69175e809ca3741d0bdc29be
SHA256: ae9199799afe47a0c69f0cea10e924b8b72df340163b71f927fe0bcb6b6d7a96
SHA512: 143ce8b38934724e1473b11a854edd2fa87e1e3de3316e5c5c542face9c3c32368888ef9b3c50949782c22a193d4854eb23855e1a2fb2b06439fe7dec65d2da4
SSDEEP: 98304:r75moDUN43WQqrjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6a+tMsF:H5umWQoOjmFwDRxtYSHdK34kdai7bN39
Malware Config
Signatures

Loads dropped DLL (1 IoCs)
pid   Process
2524  OptimizerPremuim.exe

resource                                                                        yara_rule
behavioral1/files/0x00050000000194fc-21.dat                                     upx
behavioral1/memory/2524-23-0x000007FEF6690000-0x000007FEF6AF6000-memory.dmp     upx

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process               procid_target
PID 2668 wrote to memory of 2524  2668  OptimizerPremuim.exe  31
PID 2668 wrote to memory of 2524  2668  OptimizerPremuim.exe  31
PID 2668 wrote to memory of 2524  2668  OptimizerPremuim.exe  31
Processes

1. C:\Users\Admin\AppData\Local\Temp\OptimizerPremuim.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\OptimizerPremuim.exe"
   PID: 2668
   Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\OptimizerPremuim.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\OptimizerPremuim.exe"
      PID: 2524
      Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 1.4MB
MD5: 4a6afa2200b1918c413d511c5a3c041c
SHA1: 39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3
SHA256: bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da
SHA512: dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20