b548f01428cb26a5870602e8018adbce814dd2ed53a6b1f74c3b3b7bf23fa965

Resubmissions

27/11/2022, 22:48

221127-2rhrjaec38 8

27/11/2022, 22:43

221127-2nlzsahh4w 8

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Zemana.AntiMalware.Setup.exe
Size

13.3MB
MD5

048ea3233e0e7611ab414684583c1421
SHA1

026e20baca271cbfea44fa2ce6f3e405ca5d263d
SHA256

b548f01428cb26a5870602e8018adbce814dd2ed53a6b1f74c3b3b7bf23fa965
SHA512

7ced1bb205695c9ed1556f597682ffd74c6207a48961668d2f2e1e2eca84929297a9321e6cc3112d8af1078edc7c9e54b1ff5a2657fbbc45df52e7baaa3565c6
SSDEEP

393216:yx6PWxMcegOTpxpCmJRSnqhMTU22r+YDJpZXtPq8:yx7qgmpxNJIqKTJ2r+0pZFl

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\drivers\amsdk.sys	Zemana.AntiMalware.Setup.tmp

Executes dropped EXE 1 IoCs

pid	Process
4440	Zemana.AntiMalware.Setup.tmp

Loads dropped DLL 2 IoCs

pid	Process
4440	Zemana.AntiMalware.Setup.tmp
4440	Zemana.AntiMalware.Setup.tmp

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2188	5072	WerFault.exe	81

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4440	Zemana.AntiMalware.Setup.tmp
4440	Zemana.AntiMalware.Setup.tmp

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 4440	3700	Zemana.AntiMalware.Setup.exe	79
PID 3700 wrote to memory of 4440	3700	Zemana.AntiMalware.Setup.exe	79
PID 3700 wrote to memory of 4440	3700	Zemana.AntiMalware.Setup.exe	79

C:\Users\Admin\AppData\Local\Temp\Zemana.AntiMalware.Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Zemana.AntiMalware.Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Users\Admin\AppData\Local\Temp\is-S9MNR.tmp\Zemana.AntiMalware.Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-S9MNR.tmp\Zemana.AntiMalware.Setup.tmp" /SL5="$B006E,13025042,780800,C:\Users\Admin\AppData\Local\Temp\Zemana.AntiMalware.Setup.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4440

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 5072 -ip 5072
1⤵
PID:3636

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5072 -s 496
1⤵
- Program crash
PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-LE17R.tmp\AMSDKCore399001.dll

Filesize
17.1MB

MD5
bd1cd3cb27c3687f70789c96bd324381

SHA1
474ac73892fcb8f2d7f44fabb8020dfd1cf415bd

SHA256
2c63c9035a5794423fcf360a685c321c0d1a4e72c4dca4c66a87d7a2157d3bb5

SHA512
c601946878720f83fe41e215cedbd00b71bcb0a81022becf8e78848693a9d4e82b57f9ee935999b4fa1500f21ade0727ad5b6c25a414e3c459d87bdb7706b953

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LE17R.tmp\AMSDKCore399001.dll

Filesize
17.1MB

MD5
bd1cd3cb27c3687f70789c96bd324381

SHA1
474ac73892fcb8f2d7f44fabb8020dfd1cf415bd

SHA256
2c63c9035a5794423fcf360a685c321c0d1a4e72c4dca4c66a87d7a2157d3bb5

SHA512
c601946878720f83fe41e215cedbd00b71bcb0a81022becf8e78848693a9d4e82b57f9ee935999b4fa1500f21ade0727ad5b6c25a414e3c459d87bdb7706b953

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-S9MNR.tmp\Zemana.AntiMalware.Setup.tmp

Filesize
2.9MB

MD5
ea91a08c1eb0733bb797bb6458f01fb9

SHA1
8d044f513e8bd9e790f862d210a09fa109b75bc8

SHA256
c0c7e61f5d7f57f14f6741d38514d265b48dccc267303d17b8195b1548736590

SHA512
45ab028ae2a05be7b6889a33109665fe414684d8900c6d9b0a645f970295c7f6e0279c49c458abf6d81978b981723108e1b2b4e070dde16f75e3e43e544497a6

Download Submit
memory/3700-140-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3700-134-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3700-166-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3700-132-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/4440-149-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-153-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-142-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-143-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-144-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-145-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-146-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-147-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-148-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-139-0x00000000056C0000-0x0000000006BE2000-memory.dmp

Filesize
21.1MB

Download
memory/4440-150-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-151-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-152-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-141-0x00000000056C0000-0x0000000006BE2000-memory.dmp

Filesize
21.1MB

Download
memory/4440-154-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-155-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-156-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-157-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-158-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-159-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-160-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-161-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-162-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-163-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-164-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download
memory/4440-165-0x00000000056C1000-0x0000000005B59000-memory.dmp

Filesize
4.6MB

Download