0a857b39e37388680b4b0633af3c155af71cd7ea8a6de6877b9f8468f9f4daf1

Analysis

max time kernel
3s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
23/11/2023, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Loaders/WZ2 AIO V1.exe
Size

14.6MB
MD5

5970e53083880e6767ea08f87393a536
SHA1

f73d0179d873df4c3ed3b9f160e796794664f5eb
SHA256

92f3f6699cd08b4cffc6ebccefcd04b3de622fe274e39c73b6914c3a63e22c84
SHA512

dfd83e07c05df190b499ac52846a790f4c552b47b57ede83ff98ad63690a5d004b1dcd7d0fc4cabd2dc92a511b0f28788ec491e8900b65c168c02544dc13cfcb
SSDEEP

393216:7Ka5MDbCIi/wej7FyaUJQUbEnUN68ZrZA6i:715MDbCIi3/FyaU9gnUN6l

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3564	WZ2 AIO V1.exe
3564	WZ2 AIO V1.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3564	WZ2 AIO V1.exe
3564	WZ2 AIO V1.exe
3564	WZ2 AIO V1.exe
3564	WZ2 AIO V1.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3564 wrote to memory of 3528	3564	WZ2 AIO V1.exe	72
PID 3564 wrote to memory of 3528	3564	WZ2 AIO V1.exe	72

C:\Users\Admin\AppData\Local\Temp\Loaders\WZ2 AIO V1.exe
"C:\Users\Admin\AppData\Local\Temp\Loaders\WZ2 AIO V1.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Loaders\WZ2 AIO V1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  PID:3528
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Loaders\WZ2 AIO V1.exe" MD5
    3⤵
    PID:1856
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:832
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3564-0-0x00007FFE1AB60000-0x00007FFE1AB62000-memory.dmp

Filesize
8KB

Download
memory/3564-1-0x00007FFE1AB70000-0x00007FFE1AB72000-memory.dmp

Filesize
8KB

Download
memory/3564-2-0x00007FF6B3480000-0x00007FF6B4CDE000-memory.dmp

Filesize
24.4MB

Download
memory/3564-3-0x00007FF6B3480000-0x00007FF6B4CDE000-memory.dmp

Filesize
24.4MB

Download
memory/3564-7-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-8-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-9-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-10-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-11-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-12-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-13-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-14-0x00007FF6B3480000-0x00007FF6B4CDE000-memory.dmp

Filesize
24.4MB

Download
memory/3564-15-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-16-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-17-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-18-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-19-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-20-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download
memory/3564-21-0x00007FFE1A980000-0x00007FFE1AB5B000-memory.dmp

Filesize
1.9MB

Download