2464b2d8679a90b4f7c0cfeb4aaf8a919672e4a940c8f349fa0c1530e8a0fb05

Analysis

max time kernel
6s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

187c57ffdb6f77a10519b50cc1f8d582.exe
Size

227KB
MD5

187c57ffdb6f77a10519b50cc1f8d582
SHA1

086f11b56dc0299ab134141d4264b395ef91abd5
SHA256

2464b2d8679a90b4f7c0cfeb4aaf8a919672e4a940c8f349fa0c1530e8a0fb05
SHA512

393219761d49bfd32d143d804787d7205e338243f0d6a38f90d82f40c9040dfa6a432f4b724ec7f8b24380dc4c12e8983acd9a3ebb02b46c05a990f80323f406
SSDEEP

6144:Rp4wdZ3t4A6M2kwp+E4tEZw7BkJgSoS3VZf:Rp4wj3t9B7wp+1+w7NSoS3f

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2216-0-0x0000000000060000-0x00000000000FE000-memory.dmp	upx
behavioral1/memory/2216-45-0x0000000003850000-0x00000000038EE000-memory.dmp	upx
behavioral1/memory/3056-51-0x0000000000060000-0x00000000000FE000-memory.dmp	upx
behavioral1/memory/2216-104-0x0000000000060000-0x00000000000FE000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2864	2216	187c57ffdb6f77a10519b50cc1f8d582.exe	17
PID 2216 wrote to memory of 2864	2216	187c57ffdb6f77a10519b50cc1f8d582.exe	17
PID 2216 wrote to memory of 2864	2216	187c57ffdb6f77a10519b50cc1f8d582.exe	17
PID 2216 wrote to memory of 2864	2216	187c57ffdb6f77a10519b50cc1f8d582.exe	17

C:\Users\Admin\AppData\Local\Temp\187c57ffdb6f77a10519b50cc1f8d582.exe
"C:\Users\Admin\AppData\Local\Temp\187c57ffdb6f77a10519b50cc1f8d582.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2864
- C:\Users\Admin\AppData\Local\Temp\187C57~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\187C57~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
883e5c2be4154c8bc11ea90915f2f32b

SHA1
42af82c3800a69a6fe9811333145f19ecbbbf0ac

SHA256
07baa6655f970dc8c7c329f0a25c9d83acd83a96089c39b8a3f5556109477279

SHA512
24145a4d7131cf2b9fd40c9e7deef8ae5773cd2ec01ac43367382aecdf7b0b36e0933c4495b56f5450576e4360c4403dc0325bad351b9348218a78cadb8730ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
e88250b6439301d75d966897d794ca4a

SHA1
84106c049ee0ca0a0abf54d32bdad71c37f8d749

SHA256
66fefbed864670f1e540de82eb4bf9ad06e669bbcea2518e9f9f31d931990d49

SHA512
652fa8dbc0e57afcbc1ef1f23ae9a5f857092328eff9c9d9ec038c0a175a8e902c486167f33575202765b977a7c00aebd79326a4442faa3c9e5b895a35fbdb45

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
1KB

MD5
07c91435b4acefc931745e9bc1695f8e

SHA1
67e43a8cf237befc0cdc45e426d8e215447f8175

SHA256
948c99e2b209b7522b1cfaf372e9022deb4b18f574e309e3a6df00fd65866ffb

SHA512
243f7430a5bde1be8bf7471f25d1c46a03b6c8f65533b2b0941a75fe6d968681a110ca23bcce2dae44773394356a04074d15bdacca47b988673533430dcb94c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
15KB

MD5
7ab7ec29ff36f896a3f1c3db44ce9146

SHA1
f0fb6d60a0aa2e8d47386ff67812ae73ab0d5606

SHA256
dd89d05e492febadaf707340f914a8edcac78afffa803a0ad0436aec73270cae

SHA512
245f20763d696155945d39b72811c7fb56e228ac0df80b450ed2bc5dfd858c956e8c11a8536f76a1a2b946cf045f6c6d12f7bbb0d5bdd0afbfd2b9b170de6301

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
17KB

MD5
8d3c88750d9f8861369a8d27cce97d75

SHA1
8670cc5f70e4c701df4454518802524902e1b278

SHA256
ae826a91f6b7b04b74775e0d0ab2dced336715e82966b93955dc1d3ba05bcd0c

SHA512
dc6b08a0907543bdc318ba498b3c8f09dc26e01e385995904fce24d6feb8aa0bf6806365a8ae44adaa276901a1f8725790dcbf21602a7b2f4928531cde3f6216

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
df2b7a7e64d5319b190e51a4f4ad936f

SHA1
6808a2e545677beb252d5a9dd5bb42ed5cf2d530

SHA256
c7bc8a1fba8fa41e6300cb0a169e90b51275c04eda93369380de751fbb7f74c8

SHA512
2a43f808680dce98fad0c28990756ed9aa43214e45b347a8234ee756b3ac8a2e1d97b5a3dd8b16cde026877f4ce81bf71ba19f1778cae44e27cc80cabc6baba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
3175d707af1bf228327e354f175635ef

SHA1
dc576624bbc15bf1065866e74a5374c1136354d2

SHA256
68b1497c25f877709bcc993037cee6e8799883fe67aa7c145e91cf49314d8fa8

SHA512
3742e4c6da875ba70059d1955373a6ed1611d1195dcb5625b5e59a171dcb3be7e8bfc653cccbdb9ef30d67c04fdb7435bb863a05b041f27017ac7381b13cbea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
c1ab5b66c287afec9fd4421a723dc6c7

SHA1
bfce38c1ffea6bb5a6ee0758df41752c26fc8745

SHA256
4f66171da35d4d6382f235a8cf72bbbc7a6795a7d294e9aef7997496ccd8e94d

SHA512
be03e932b394069ad004a66f0360fab192744b5fcaa4e924f0abae15f3f880a9317293fbb99b2736cb78edb48629bd250e80809d8a43e87e9a60399cbeca8529

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
73a6764846e89db01bdbd45c019fc449

SHA1
ee17a3775d190b7461f1afe71c7d0204265c69e1

SHA256
6600f408c0b94e783ba31c6b11ff5d33371ff5e621389fd98e4d55a5f99c5f61

SHA512
20f823d71a33555f697fba0ddad551f6a8fc978831989bda3eb806b3ef64d37d32aa078fe23ffa9aab110a48d67f05b7d96011fab6a34e83915d97333f2d5a14

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
c0eea779aa0a3ea6fbeb50b0178eb34e

SHA1
7c8b0435c896029b531d3bfca1f8c4ea3a0a835c

SHA256
0e049f998bb34677f622cc843ad76c3d4b22971f2459157340f3a3d71a30b8c2

SHA512
2afe290abfc9cac378fd5f3202916b3c175789b7dedb8748b3730d8ee81622f69032be46873c710e1c41f782c7e717cc635c8c2ff036acc5a20ca525249886aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
memory/2216-48-0x0000000003850000-0x00000000038EE000-memory.dmp

Filesize
632KB

Download
memory/2216-104-0x0000000000060000-0x00000000000FE000-memory.dmp

Filesize
632KB

Download
memory/2216-0-0x0000000000060000-0x00000000000FE000-memory.dmp

Filesize
632KB

Download
memory/2216-45-0x0000000003850000-0x00000000038EE000-memory.dmp

Filesize
632KB

Download
memory/3056-51-0x0000000000060000-0x00000000000FE000-memory.dmp

Filesize
632KB

Download