Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231025-en
- resource tags: arch:x64, arch:x86, image:win7-20231025-en, locale:en-us, os:windows7-x64, system
- submitted: 09-12-2023 17:46
Static task: static1
Behavioral task: behavioral1
- Sample: 96A3EA4BC09BBA5437EF00C758924CAE.exe
- Resource: win7-20231025-en
- 4 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 96A3EA4BC09BBA5437EF00C758924CAE.exe
- Resource: win10v2004-20231130-en
- 6 signatures
- 150 seconds
General
- Target: 96A3EA4BC09BBA5437EF00C758924CAE.exe
- Size: 458KB
- MD5: 96a3ea4bc09bba5437ef00c758924cae
- SHA1: 0154b6d842f48eb715e11856d3c7f5e92dba9384
- SHA256: 5ff19009b6f29952af3ad9e7edf22377abbdca476b9bb945f1b3b057c8b84e3a
- SHA512: 54cfb4dbffb1e0e0ccdd619af6521f353ee76f92b13557f1a0f521b8e0198637924a3168ec86b8b447070bd50b1d5af0c0a0c6d2ac4c4ca977e3a95459b837ab
- SSDEEP: 6144:tk5byxHPnZaCHWWjjnnhUNeX0BmHbHTLNMT9wRUMXFLpmEJyMQxVGGGGGGGGHGG3:5xvnZaCHW+nhUNQSwbHFMx0UQtx2b
- Score: 6/10
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 1 IoCs)
  Processes (description | ioc | process):
  Set value (str) | \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Windows\CurrentVersion\Run\ZillaUpdater = "C:\\Users\\Admin\\AppData\\Local\\ZillaUpdater.exe" | 96A3EA4BC09BBA5437EF00C758924CAE.exe
- Suspicious behavior: EnumeratesProcesses (11 IoCs)
  Processes (pid | process), the same entry recorded 11 times:
  2072 | 96A3EA4BC09BBA5437EF00C758924CAE.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes (description | pid | process):
  Token: SeDebugPrivilege | 2072 | 96A3EA4BC09BBA5437EF00C758924CAE.exe
- Suspicious use of WriteProcessMemory (40 IoCs)
  Processes (description | pid | process | target process), each entry recorded 4 times:
  PID 2072 wrote to memory of 2748 | 2072 | 96A3EA4BC09BBA5437EF00C758924CAE.exe | 96A3EA4BC09BBA5437EF00C758924CAE.exe
  PID 2072 wrote to memory of 2776 | 2072 | 96A3EA4BC09BBA5437EF00C758924CAE.exe | 96A3EA4BC09BBA5437EF00C758924CAE.exe
  PID 2072 wrote to memory of 2716 | 2072 | 96A3EA4BC09BBA5437EF00C758924CAE.exe | 96A3EA4BC09BBA5437EF00C758924CAE.exe
  PID 2072 wrote to memory of 2340 | 2072 | 96A3EA4BC09BBA5437EF00C758924CAE.exe | 96A3EA4BC09BBA5437EF00C758924CAE.exe
  PID 2072 wrote to memory of 2392 | 2072 | 96A3EA4BC09BBA5437EF00C758924CAE.exe | 96A3EA4BC09BBA5437EF00C758924CAE.exe
  PID 2072 wrote to memory of 2892 | 2072 | 96A3EA4BC09BBA5437EF00C758924CAE.exe | 96A3EA4BC09BBA5437EF00C758924CAE.exe
  PID 2072 wrote to memory of 2600 | 2072 | 96A3EA4BC09BBA5437EF00C758924CAE.exe | 96A3EA4BC09BBA5437EF00C758924CAE.exe
  PID 2072 wrote to memory of 2240 | 2072 | 96A3EA4BC09BBA5437EF00C758924CAE.exe | 96A3EA4BC09BBA5437EF00C758924CAE.exe
  PID 2072 wrote to memory of 2888 | 2072 | 96A3EA4BC09BBA5437EF00C758924CAE.exe | 96A3EA4BC09BBA5437EF00C758924CAE.exe
  PID 2072 wrote to memory of 2592 | 2072 | 96A3EA4BC09BBA5437EF00C758924CAE.exe | 96A3EA4BC09BBA5437EF00C758924CAE.exe
Processes
- Level 1, PID 2072
  Image: C:\Users\Admin\AppData\Local\Temp\96A3EA4BC09BBA5437EF00C758924CAE.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\96A3EA4BC09BBA5437EF00C758924CAE.exe"
  Signatures:
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  Child processes (level 2), each with image and command line C:\Users\Admin\AppData\Local\Temp\96A3EA4BC09BBA5437EF00C758924CAE.exe:
  - PID:2748
  - PID:2716
  - PID:2776
  - PID:2340
  - PID:2392
  - PID:2892
  - PID:2600
  - PID:2240
  - PID:2888
  - PID:2592