84fe0ea4048f95903ebe8692d1ce80c8db35205a8409eb0471f0dd78cb5fe471

Analysis

max time kernel
144s
max time network
129s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
21/07/2023, 08:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ZOOKAgentSetup.exe
Size

5.9MB
MD5

c20aabde16ac81d65fbea5a169ed7a2d
SHA1

a48b94093249502621a0bccda2d4eabfde45da8a
SHA256

84fe0ea4048f95903ebe8692d1ce80c8db35205a8409eb0471f0dd78cb5fe471
SHA512

e27266a0a763975ed2d767abeb94f0c47da0c71f2a58d5eaf159180c38a7f1d8d4e5a20eaa79e618c344a00cd6f3a83ab549965fa991bd50361081d6fa25aa2e
SSDEEP

98304:fo1TPwHdnlRlaWc/KiU3oNzu8WoFcmRA3gTNVl1WxTMzz3uZr7pGvy9bpXPwxbBR:QC9UzU3cWobGgTV1ah7R9bpEyZ/E

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
920	ZOOKAgentSetup.tmp

Loads dropped DLL 3 IoCs

pid	Process
2224	ZOOKAgentSetup.exe
920	ZOOKAgentSetup.tmp
920	ZOOKAgentSetup.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
920	ZOOKAgentSetup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 920	2224	ZOOKAgentSetup.exe	28
PID 2224 wrote to memory of 920	2224	ZOOKAgentSetup.exe	28
PID 2224 wrote to memory of 920	2224	ZOOKAgentSetup.exe	28
PID 2224 wrote to memory of 920	2224	ZOOKAgentSetup.exe	28
PID 2224 wrote to memory of 920	2224	ZOOKAgentSetup.exe	28
PID 2224 wrote to memory of 920	2224	ZOOKAgentSetup.exe	28
PID 2224 wrote to memory of 920	2224	ZOOKAgentSetup.exe	28

C:\Users\Admin\AppData\Local\Temp\ZOOKAgentSetup.exe
"C:\Users\Admin\AppData\Local\Temp\ZOOKAgentSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\is-QKI52.tmp\ZOOKAgentSetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QKI52.tmp\ZOOKAgentSetup.tmp" /SL5="$80122,5922338,56832,C:\Users\Admin\AppData\Local\Temp\ZOOKAgentSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-QKI52.tmp\ZOOKAgentSetup.tmp

Filesize
695KB

MD5
e0ae0a667d7b126207dd6b4ed73b2143

SHA1
9ff30b267c392cd37ff4aa14a7fb6ca19429ec80

SHA256
4aa3ecc9847b49618a9b72fc528400df93a10fb33b607960397176f5aefd0e0d

SHA512
e4a24464a1c8b046b857031c0518babe62bf6e9d26a79e75d6303d1c9e742fe31e036e62f0558ad3d489c15c7f790befc8529cd6884cf44ce2b16b624454973f

Download Submit
\Users\Admin\AppData\Local\Temp\is-34AN8.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-34AN8.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-QKI52.tmp\ZOOKAgentSetup.tmp

Filesize
695KB

MD5
e0ae0a667d7b126207dd6b4ed73b2143

SHA1
9ff30b267c392cd37ff4aa14a7fb6ca19429ec80

SHA256
4aa3ecc9847b49618a9b72fc528400df93a10fb33b607960397176f5aefd0e0d

SHA512
e4a24464a1c8b046b857031c0518babe62bf6e9d26a79e75d6303d1c9e742fe31e036e62f0558ad3d489c15c7f790befc8529cd6884cf44ce2b16b624454973f

Download Submit
memory/920-62-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/920-70-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/920-71-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2224-55-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2224-69-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads