Overview

overview

10

Static

static

10

zeo custom...ps.exe

windows7-x64

10

zeo custom...ps.exe

windows10-2004-x64

10

zeo custom...en.exe

windows7-x64

7

zeo custom...en.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2023, 08:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    zeo customize by existed/zeogen.exe

  • Size

    6.6MB

  • MD5

    c6c519e43407eaaaf240077f1e8fa418

  • SHA1

    d5b20223f96619e997ab58d5e98cd10322a2abd3

  • SHA256

    43717d6c756379b64d7f8289e2bcd7a585ced7fcde720db6171a190de648dbd2

  • SHA512

    db7c66076db109c245104b90e82cf9bb2773e9d501501e752bf91fd3b59b03f2d1c33afd1f86f558f2930f4aa80a2a2aa449ea4d4a588bf12b06cd3d2fe870a6

  • SSDEEP

    196608:8T6DSL2Vmd6+D0JJVAzDaku99mEQcy6d/AyfRL6:PSL2Vmd6m0JJVAzDakArZd/Ayf

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\zeo customize by existed\zeogen.exe
    "C:\Users\Admin\AppData\Local\Temp\zeo customize by existed\zeogen.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1568
    • C:\Users\Admin\AppData\Local\Temp\zeo customize by existed\zeogen.exe
      "C:\Users\Admin\AppData\Local\Temp\zeo customize by existed\zeogen.exe"
      2⤵
      • Loads dropped DLL
      PID:1296

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI15682\python39.dll
          Filesize

          4.3MB

          MD5

          19e6d310c1bd0578d468a888d3ec0e3d

          SHA1

          32561ad9b89dc9e9a086569780890ad10337e698

          SHA256

          f4609ec3bbcc74ed9257e3440ec15adf3061f7162a89e4e9a370e1c2273370a1

          SHA512

          4a8332c22a40a170ea83fc8cfd5b8a0ed0df1d59fd22ebe10088ba0be78cc0e91a537d7085549a4d06204cbe77e83154a812daed885c25aa4b4cb4aca5b9cc85

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_MEI15682\python39.dll
          Filesize

          4.3MB

          MD5

          19e6d310c1bd0578d468a888d3ec0e3d

          SHA1

          32561ad9b89dc9e9a086569780890ad10337e698

          SHA256

          f4609ec3bbcc74ed9257e3440ec15adf3061f7162a89e4e9a370e1c2273370a1

          SHA512

          4a8332c22a40a170ea83fc8cfd5b8a0ed0df1d59fd22ebe10088ba0be78cc0e91a537d7085549a4d06204cbe77e83154a812daed885c25aa4b4cb4aca5b9cc85

          Download Submit