Analysis
-
max time kernel
146s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
11-12-2023 01:56
General
-
Target
908e3090a5b8a6eea324262c043a1c73a3a1196d4bdfb55f3c6d178d1fbfe277.exe
-
Size
520KB
-
MD5
a85c32539038b797cf6d484f7016b64b
-
SHA1
257e1b547c6cffd8ff6b077c1b4129a60c782043
-
SHA256
908e3090a5b8a6eea324262c043a1c73a3a1196d4bdfb55f3c6d178d1fbfe277
-
SHA512
432f8a1ad1d776c42a34eb04678b9551118388327635ee8718009f4c05ba036faf22b0e3482d4144d38c0ec5985f1787f5457347b59ff4ededa75968f0c38e92
-
SSDEEP
6144:MbUbMKgFdML22jozF1j3+CQ7JHZUiCCgwJ+t4:MYbMZFs22jozNQbU+jJ+
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 29 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\908e3090a5b8a6eea324262c043a1c73a3a1196d4bdfb55f3c6d178d1fbfe277.exe"C:\Users\Admin\AppData\Local\Temp\908e3090a5b8a6eea324262c043a1c73a3a1196d4bdfb55f3c6d178d1fbfe277.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\Downloads\ZTXClient.exe"C:\Users\Public\Downloads\ZTXClient.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
116KB
MD535c83ab9ea7f702af9ecfaf0660cb5d9
SHA1d086e1646511c486a5188ad58adfb962fed0e0ff
SHA2563cc5130ad805d23ca3db26d732401b57bfebd7705078bb6d59eed7a4faa4eb12
SHA512b7db9a8d2e1506fac7e9727dde82fe8dc12bbf77a101eea29900c00d0f6c68e5e25a665bc7c01c4cdc7721190aa9c2f0368f93c81452eeb66078a6f265c0fff4