Overview

overview

8

Static

static

zippyuploader.bat

windows7_x64

8

zippyuploader.bat

windows10_x64

8

zippyuploader.bat

windows10-2004_x64

8

Analysis

  • max time kernel
    1592s
  • max time network
    1412s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    21-03-2022 16:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zippyuploader.bat

  • Size

    107B

  • MD5

    0fac231074f90878c2283b2561ed906c

  • SHA1

    2c3421f0a6c20b8c6fb07ffe62526438a5169194

  • SHA256

    acfd8e0557e2efc01d981221e5e5e0fcd68f7231a72d3d46361294d9df43d984

  • SHA512

    fdc5f227244f4e0a76356aba17e38823e0e9bb0ffc344ce07b6bc9282c7192c08a9cbd42d157d13be0c378c9678aec4ea1ea6c7d663d21e732a73a2ceb6159b9

Score
8/10
upx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 62 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\zippyuploader.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3460
    • C:\Windows\system32\certutil.exe
      certutil.exe -urlcache -f https://www.zippyshare.com/zippyuploader/ZippyUploader.exe bad.exe
      2⤵
        PID:3456
      • C:\Users\Admin\AppData\Local\Temp\bad.exe
        bad.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1264
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
      1⤵
      • Drops file in Windows directory
      PID:2920

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\bad.exe
      MD5

      ed323324bff4fbe54be6040ef429862c

      SHA1

      2182d6953bc33050d44ca585ca3e6e64cd0a6864

      SHA256

      88184dea2107e5fc67d1901391963b4b7a94381407c9fbb20936269acff6c442

      SHA512

      72511481199722a7d31ff3a50ac0a9f9126f8d124c22f1bb0457a43466ee2263c1bd5012209ee2f426dfcc17645842098e2594321eae3562dde86b25ade6831b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\bad.exe
      MD5

      ed323324bff4fbe54be6040ef429862c

      SHA1

      2182d6953bc33050d44ca585ca3e6e64cd0a6864

      SHA256

      88184dea2107e5fc67d1901391963b4b7a94381407c9fbb20936269acff6c442

      SHA512

      72511481199722a7d31ff3a50ac0a9f9126f8d124c22f1bb0457a43466ee2263c1bd5012209ee2f426dfcc17645842098e2594321eae3562dde86b25ade6831b

      Download Submit

    • memory/1264-136-0x0000000000C20000-0x0000000000C21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-137-0x000002AD1A660000-0x000002AD1A670000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2920-138-0x000002AD1A6C0000-0x000002AD1A6D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2920-139-0x000002AD1A9F0000-0x000002AD1A9F4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2920-140-0x000002AD1CFD0000-0x000002AD1CFD4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2920-141-0x000002AD1CFD0000-0x000002AD1CFD4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2920-142-0x000002AD1CFF0000-0x000002AD1CFF4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2920-143-0x000002AD1CFE0000-0x000002AD1CFE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-144-0x000002AD1D0E0000-0x000002AD1D0E4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2920-145-0x000002AD1D0E0000-0x000002AD1D0E4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2920-146-0x000002AD1D120000-0x000002AD1D124000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2920-147-0x000002AD1D080000-0x000002AD1D084000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2920-148-0x000002AD1D0D0000-0x000002AD1D0D4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2920-149-0x000002AD1CF50000-0x000002AD1CF54000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2920-151-0x000002AD1CC80000-0x000002AD1CC84000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2920-152-0x000002AD1CC70000-0x000002AD1CC71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-153-0x000002AD1CC70000-0x000002AD1CC74000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2920-154-0x000002AD1A970000-0x000002AD1A971000-memory.dmp

      Filesize

      4KB

      Download