Overview

overview

3

Static

static

1

Setup Ozon...4.0.7z

windows7-x64

3

Setup Ozon...4.0.7z

windows10-2004-x64

3

Setup Ozon...-1.bin

windows7-x64

3

Setup Ozon...-1.bin

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    03-09-2023 11:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup Ozone Pro v10.4.0-1.bin

  • Size

    1023.0MB

  • MD5

    bbc28f48b602fe270cac5d1f45dec5fd

  • SHA1

    b25d217282a6ea5a50b5cea86dfda8a50a5a05c5

  • SHA256

    902fa2535bc17054ec8acfe2e6906914b1865cfc3c9be4d5be55e005a75fffa4

  • SHA512

    d8c8ebb7116ee7ffa4d205d762bc0786b2f8285412a06861aed7b38f55c87b360e7a65408ba7dd28f2e190aa475462e9ff0b7d836830bb1ce2d0fa000a22bd52

  • SSDEEP

    12582912:7fWaK+Jsrk83k7nngf6/D7Gv8ulSGXfK5SGXHgqHSGXDOC9SGXotISGXzJB:qaK+qrnkjgfm3GvLL8LJLDZLFLD

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Setup Ozone Pro v10.4.0-1.bin"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Setup Ozone Pro v10.4.0-1.bin
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1712
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Setup Ozone Pro v10.4.0-1.bin"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    01b36337a95e5eca6bea94b25f011bf4

    SHA1

    b8eb5ed9418bb0167a8cc5347acccaecdc788f16

    SHA256

    cc26c7c3ce8ba2b5ae21708e274df345bab5b72c883820924e172d40e00fc925

    SHA512

    f4eb2dd8562a76ea9f252338b4bf8469d9e0b3293325644fb3d66d89de63a416d397be7e9d6ee232b6551f23c87779c476dc66c263f08e48d7f4b8c55dcb2dfa

    Download Submit