8b0f3c4de4c3a3ae8466debf2ceca2a342fd12c2d024164fc4106ad196517eac | Triage

Analysis

max time kernel
15s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2023, 18:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

WinZip180.exe
Size

410KB
MD5

f7ffdcbc5713958f375db7bbbe943836
SHA1

de0dc68f6147606d4fb5e92c34da50df0b2c77a0
SHA256

8dd3a9c942dcf4e54f6501fb9d683318e2ed8d573e5b2614d3dd8a70d92b8a0a
SHA512

8b8a7bdba073c077600d4944c8e792a1457a439f0b41f6442cc7dbf4d67fee47c059da8c73347b078ae561878f620216b5d64ec91b33b166b83e3e1edb30588e
SSDEEP

6144:TPEVT/DlxGmVQhlzYBH1PBrj+qCkeHX0h1Db5lugnuz3aJkx5D2:T+DfPVQhlzi5leMD7ul3CkxR2

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1084	WinZip180.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1639FFF4-879B-CCE1-29BC-48907FF46750}	WinZip180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1639FFF4-879B-CCE1-29BC-48907FF46750} \data = "c22b7caad7704628a245b8629760b205"	WinZip180.exe

C:\Users\Admin\AppData\Local\Temp\WinZip180.exe
"C:\Users\Admin\AppData\Local\Temp\WinZip180.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\OICFBA.tmp

Filesize
938KB

MD5
5c11a278ad9d13ddcf67495f2a20c99b

SHA1
7f2bb071d58499379488af727718f62355bc0842

SHA256
01af222f7272e3085be7a132e1490e34bb0603180cbc8b3e47a98e6f5a66e01e

SHA512
01d4193974bc30f744a538a849d084e0dd1d399127824fad739273e4eebb74b8fa970544c0a7a1b0e6e0576e058e2bc944f7688ca3aa2a1dbd986a7c4eb97307

Download Submit