Analysis

  • max time kernel
    142s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-08-2023 01:01

General

  • Target

    MiZAR_Lab_Setup_v1.0_20210306.exe

  • Size

    5.6MB

  • MD5

    4e176ad8acc098f26d059228421b61b2

  • SHA1

    648dde21a283fc4ba2931f3814de728a687f7f8a

  • SHA256

    3a7ab9516c4c6f793d3d64e5d03a7937d61e8376c07000c76e609247de3fee2a

  • SHA512

    7ec6485da5eeccc4ca4b3831f8677e4286ebf4a77c13e544c029f2dbdc662484a7d7a4873bbd08bbebdc006e23c67b10ea471878b24e75d18237176414634146

  • SSDEEP

    98304:n02oY7Ll1ggE+wct+VfkNyl5gCtW9j1EiApxKQw26SEd91i51+ko1As8DXMV1xi:n7LliAikNyliRTApx0SEf1KY8gli

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MiZAR_Lab_Setup_v1.0_20210306.exe
    "C:\Users\Admin\AppData\Local\Temp\MiZAR_Lab_Setup_v1.0_20210306.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1820
    • C:\Users\Admin\AppData\Local\Temp\is-IC771.tmp\MiZAR_Lab_Setup_v1.0_20210306.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-IC771.tmp\MiZAR_Lab_Setup_v1.0_20210306.tmp" /SL5="$401BC,5465983,140800,C:\Users\Admin\AppData\Local\Temp\MiZAR_Lab_Setup_v1.0_20210306.exe"
      2⤵
      • Executes dropped EXE
      PID:4500

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-IC771.tmp\MiZAR_Lab_Setup_v1.0_20210306.tmp

    Filesize

    1.1MB

    MD5

    a4cb46c715d6e7b72755eab92123a3ea

    SHA1

    1e769da1816daae7d50c8812c59ee20399431a2d

    SHA256

    686699d59606cd7d2253dff2c92003380361f00b168305e959e66bab9bc725c0

    SHA512

    8bdce037441eb0ed6aa5fdf7569580b32dd5294b6b4a36a054552e5b46fcbba328b659f2277d3a75d23d9ead64a28d3db2fe49c0b1c13e6d799490ce6509ab1b

  • memory/1820-134-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/1820-146-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/4500-140-0x0000000002440000-0x0000000002441000-memory.dmp

    Filesize

    4KB

  • memory/4500-147-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

  • memory/4500-148-0x0000000002440000-0x0000000002441000-memory.dmp

    Filesize

    4KB