Analysis

max time kernel: 121s
max time network: 144s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 15-10-2023 19:41

Static task: static1

Behavioral task: behavioral1
  Sample: 9d989f11695c05983efdab681ec3cc30_exe32.exe
  Resource: win7-20230831-en

Behavioral task: behavioral2
  Sample: 9d989f11695c05983efdab681ec3cc30_exe32.exe
  Resource: win10v2004-20230915-en

General

Target: 9d989f11695c05983efdab681ec3cc30_exe32.exe
Size: 168KB
MD5: 9d989f11695c05983efdab681ec3cc30
SHA1: 04968e4c96cbf3c3692c5974990fb201a08077bf
SHA256: b3bafd3dec894cc63a6f860069b25c912f6f0e32b02ba2ac47ae08427715f97f
SHA512: 27eefd78c19a3147a74cb07c4183acad7d41dcc2df1fc078f14e41606592681dd718ee8390225fde23883e1aa0004c18daf455a40ce2cd4b451ee5f67e2d1a42
SSDEEP: 3072:7W6h6Y6DxQKBL+UjcvS5is6vZX5Kv8S138WtA7Kzfk0saRd/:7W6h6NR+Uw80g9XA78fJsaRd/
Malware Config

Signatures

Modifies AppInit DLL entries (2 TTPs)

Executes dropped EXE (1 IoC)
  pid   Process
  2084  zlzghad.exe

Drops file in Program Files directory (2 IoCs)
  description   ioc                              Process
  File created  C:\PROGRA~3\Mozilla\zlzghad.exe  9d989f11695c05983efdab681ec3cc30_exe32.exe
  File created  C:\PROGRA~3\Mozilla\unslydf.dll  zlzghad.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process      procid_target
  PID 2800 wrote to memory of 2084   2800  taskeng.exe  31
  (the same event is recorded four times)
Processes

C:\Users\Admin\AppData\Local\Temp\9d989f11695c05983efdab681ec3cc30_exe32.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\9d989f11695c05983efdab681ec3cc30_exe32.exe"
  PID: 2108
  - Drops file in Program Files directory

C:\Windows\system32\taskeng.exe
  command line: taskeng.exe {A6E193DA-F8FE-4B24-B0B7-ABDEB584827A} S-1-5-18:NT AUTHORITY\System:Service:
  PID: 2800
  - Suspicious use of WriteProcessMemory

    C:\PROGRA~3\Mozilla\zlzghad.exe (child of PID 2800)
      command line: C:\PROGRA~3\Mozilla\zlzghad.exe -pmcpovi
      PID: 2084
      - Executes dropped EXE
      - Drops file in Program Files directory
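The signatures and process tree above give three things a responder can check on a suspect host: the AppInit_DLLs registry values (the "Modifies AppInit DLL entries" signature; ATT&CK T1546.010), the two files written under C:\PROGRA~3\Mozilla, and a launcher for the dropped EXE, since its parent is taskeng.exe, the Task Scheduler engine, running as SYSTEM. The following hunt script is an added example, not part of the sandbox report. It assumes that C:\PROGRA~3 resolves to C:\ProgramData (the usual 8.3 name on a default x64 install), that a scheduled task is what started zlzghad.exe (the report shows the parent but not the task name, so the script matches on the action path instead), and that the report's hashes are the only known-bad ones. All variable and function names are the script's own. Note the signature's name is the sandbox's; ProgramData is not the Program Files directory.

```powershell
# Added IOC hunt for the behaviour in this report (not part of the sandbox output).
# Run from an elevated PowerShell prompt on the host being checked. Written to work
# on PowerShell 2.0 (Windows 7) and later: hashes via .NET rather than Get-FileHash,
# tasks via schtasks.exe rather than Get-ScheduledTask.

$knownSha256 = @(
    'b3bafd3dec894cc63a6f860069b25c912f6f0e32b02ba2ac47ae08427715f97f',  # submitted sample
    '7929e9c0c6b5659e5dc6c42ee201298c1f224821edd92e26fb84777e263a7f4a'   # 168KB file in Downloads
)
$dropDir   = Join-Path $env:ProgramData 'Mozilla'   # assumption: PROGRA~3 is ProgramData
$dropNames = @('zlzghad.exe', 'unslydf.dll')        # file names from the report

$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$Type, [string]$Where, [string]$Detail) {
    $obj = New-Object PSObject -Property @{ Type = $Type; Where = $Where; Detail = $Detail }
    [void]$findings.Add($obj)
}

function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $sha.ComputeHash($stream) } finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

# 1. AppInit_DLLs. While LoadAppInit_DLLs is 1, user32.dll loads every DLL listed here
#    into each process that loads user32.dll. Check the native and the WOW64 view;
#    a non-empty value on a workstation is rare enough to report whatever it names.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $dlls  = [string]$props.AppInit_DLLs        # $null becomes '' on cast
    if ($dlls.Trim() -ne '') {
        Add-Finding 'AppInit_DLLs' $key ("AppInit_DLLs='{0}' LoadAppInit_DLLs={1}" -f $dlls, $props.LoadAppInit_DLLs)
    }
}

# 2. Dropped files by path, with SHA-256 compared to the report. A name match with an
#    unknown hash is still a finding: the names may be fixed while the payload changes.
foreach ($name in $dropNames) {
    $path = Join-Path $dropDir $name
    if (Test-Path $path) {
        $sha = Get-Sha256Hex $path
        $verdict = if ($knownSha256 -contains $sha) { 'hash in report' } else { 'hash not in report' }
        Add-Finding 'DroppedFile' $path "SHA256=$sha ($verdict)"
    }
}

# 3. Scheduled tasks whose action points into the drop directory. schtasks repeats
#    its CSV header per task folder, so those header rows are filtered out.
$tasks = schtasks.exe /Query /FO CSV /V 2>$null | ConvertFrom-Csv
foreach ($t in $tasks) {
    if ($t.TaskName -eq 'TaskName') { continue }
    $action = [string]$t.'Task To Run'
    if (($action -like "*$dropDir*") -or ($action -like '*PROGRA~3\Mozilla*')) {
        Add-Finding 'ScheduledTask' $t.TaskName ("runs '{0}' as {1}" -f $action, $t.'Run As User')
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No artefacts from this report found on this host.'
} else {
    $findings | Select-Object Type, Where, Detail | Format-Table -AutoSize
}
```

Two caveats when reading the results. The AppInit_DLLs check is meaningful on Windows 7, where the mechanism is on by default; Windows 8 and later ignore the value when Secure Boot is enabled, so an empty result there does not rule out the sample having run. And the report does not say which path the sample wrote into AppInit_DLLs, so treat any non-empty value as something to inspect rather than assuming it must name unslydf.dll.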
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 168KB
MD5: 188cd27c171c7f317141c14b0f2dcf34
SHA1: b24b09de5477de39a6c9b9b8aafd639ce04774ad
SHA256: 7929e9c0c6b5659e5dc6c42ee201298c1f224821edd92e26fb84777e263a7f4a
SHA512: 921ec619853478217e94ee3bd7197fae6a947c40f9836c7b8ec73bd06aab7d04eb925e96acf660261cfe133706116c7a52ed8201701dc5e2f63e3ecb9c0291bc