1612c57a21ad682c62dd371a9879fc251ca668c7895842c339706a3a32bd17f5

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02dd6c0d8fe7c167315dcb034e302358.exe
Size

227KB
MD5

02dd6c0d8fe7c167315dcb034e302358
SHA1

eca6e5427324321b78ee9e4acfe587916b1c1944
SHA256

1612c57a21ad682c62dd371a9879fc251ca668c7895842c339706a3a32bd17f5
SHA512

61b9b9d80afd8040e38ba87b5a0fe75920144782dc1ab75578eab78fd6dbcbe578ab13a861f959e7c924bbe99a17a21a60035caf49b40670bf4789a652a83152
SSDEEP

6144:kp4wdZ3t4A6M2kwp+E4tEZw7BkJgSoS3VLP:kp4wj3t9B7wp+1+w7NSoS3V

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2540-0-0x0000000000C50000-0x0000000000CEE000-memory.dmp	upx
behavioral1/memory/2512-46-0x0000000000C50000-0x0000000000CEE000-memory.dmp	upx
behavioral1/memory/2512-114-0x0000000000C50000-0x0000000000CEE000-memory.dmp	upx
behavioral1/memory/2540-113-0x0000000000C50000-0x0000000000CEE000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\utils.jar	02DD6C~1.EXE
File created	C:\PROGRA~2\Zona\License_ru.rtf	02DD6C~1.EXE
File created	C:\PROGRA~2\Zona\License_uk.rtf	02DD6C~1.EXE
File created	C:\PROGRA~2\Zona\License_en.rtf	02DD6C~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2788	2540	02dd6c0d8fe7c167315dcb034e302358.exe	16
PID 2540 wrote to memory of 2788	2540	02dd6c0d8fe7c167315dcb034e302358.exe	16
PID 2540 wrote to memory of 2788	2540	02dd6c0d8fe7c167315dcb034e302358.exe	16
PID 2540 wrote to memory of 2788	2540	02dd6c0d8fe7c167315dcb034e302358.exe	16
PID 2540 wrote to memory of 2512	2540	02dd6c0d8fe7c167315dcb034e302358.exe	19
PID 2540 wrote to memory of 2512	2540	02dd6c0d8fe7c167315dcb034e302358.exe	19
PID 2540 wrote to memory of 2512	2540	02dd6c0d8fe7c167315dcb034e302358.exe	19
PID 2540 wrote to memory of 2512	2540	02dd6c0d8fe7c167315dcb034e302358.exe	19
PID 2540 wrote to memory of 2512	2540	02dd6c0d8fe7c167315dcb034e302358.exe	19
PID 2540 wrote to memory of 2512	2540	02dd6c0d8fe7c167315dcb034e302358.exe	19
PID 2540 wrote to memory of 2512	2540	02dd6c0d8fe7c167315dcb034e302358.exe	19

C:\Windows\SysWOW64\cscript.exe
cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
1⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\02DD6C~1.EXE
"C:\Users\Admin\AppData\Local\Temp\02DD6C~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
1⤵
- Drops file in Program Files directory
PID:2512

C:\Users\Admin\AppData\Local\Temp\02dd6c0d8fe7c167315dcb034e302358.exe
"C:\Users\Admin\AppData\Local\Temp\02dd6c0d8fe7c167315dcb034e302358.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
b007cbbc5bf04caa6c2f971f8bb7805b

SHA1
947770443c3546b6f75d9302dd50a324333565d7

SHA256
30c75eff5f94097ceb11f017b13f62598460b7ccaa8e8ecd8a415065df7324ab

SHA512
98038bef6b2aa0498278f6104a712600198dc6494b6e3647130f9a8b9bf1efe4faf89f6a0fb65a57be8fadbce18aaf5e3c40e43964e425b6d54052cfd0ccef9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
893d31a1b67c3c07d0f7a7d1358a3c04

SHA1
f531c8eb3358e8192964ea427844514e3e656f90

SHA256
26f62977ef03df6f036c9abf8f8d5441a1afa7c3fa15c2c002a7fd851bb67f97

SHA512
db0a13ca053309dc27cb2d5bf189fa303100dc4fd57e56db3b1f8d89cc61827e3861be9c05d22e0a8688f7f983ea442cd2772710db6db645ddcfa0b115829957

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
6b81b9d1c1e7bc6ac60fd264471e296b

SHA1
7b3ae4d1fce56cfbc3f8f029e96d72d5274e3baf

SHA256
b3b648812d963853fde1a1b6122088c7adf6025fab823bd02f91fbc876130d7f

SHA512
d27c888d10f926c2de5b38d916f492c0f8fce214e9fffe9c822c9febf63a596a64d190b70b4df1f607b1f166d802e8464fae3493d7a02b584e113fd05eabb435

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
6dd4452b340e32f4a6468a5357a4ff57

SHA1
66396a936a8e692f08d6dc885f61fd1fc273ff93

SHA256
f966001e65be277eceafd4683fbe20183b60794f369e6738d8b6058537adefc9

SHA512
08082b9f2ca3c55781dabd699102ef7fd914e913aae58f3cb01a7eb179cd5c9c6eaeb6e3ccaf2bdd834a1c18ba3e81c9021c36b361e81a0f8f6991db8e8417ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
e3c4656ce31db3b9303261a50455a04d

SHA1
46cd2d76893be2b8d21de618076cfe2f36566cac

SHA256
e8307fd08d7bb9ea474fdd53bc52f07f1d9d0324869625fb61232e7e92ac8928

SHA512
da819249a94129886ed2c5573ed52c3bab25d1439d8dfe88d7ab0009b769155e0e2c55fe9b0992ada5f301550213582e037cab6337e0b2c75488275002afa1cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
ead59e89ae3cdaf154e2aa2d0b06c049

SHA1
aaf9787da2bd6e2cf9e06d35ccc7f88d00f1062d

SHA256
a08d6cc39479c8b8ce26e975cd085b78b4acc23c8d5d4384daeeed4777f0cd4c

SHA512
bbfa49b623b23f00bfd88f82080923b19d6f983f3ef5a360154e1f88abd44e29557068c7edd018034abfbc3d1a107a9a354b0bf99538761e5cf178731900c5ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
263240b013917be016f7fce1b0274c55

SHA1
11bed1c43b4cfa163418df80bc33dd03016f59b3

SHA256
5053c3679486e78f8482bf0e3553ef88f191d27617cab1b64527804ecee0cc6a

SHA512
b46918cee174c4570e1d775ca9100b089706137e82e9d1c70a7a9aa8d41b6778799b3b4bedcef9363a226f1c9e2adab4cf1132a52ff8a35a0925bec486031760

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
53e6576415f87976b44f3bae76b44f78

SHA1
969446e7521a58ff9d6d783ec293d9d6e542243d

SHA256
4bd4b9e4ccb619e713aa1a36a34bcce90879d90668044fc2abb06ec3541b6ce8

SHA512
130ee17e8dfcfd7ddb84c571bc6b7cae02ca04f979fa1ca96d77138f904c00ab5a537992949f84b5667f6a1e952bfd286bd16964361c9ca43cf3c75663fc2949

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
7bf4cd6ec45806458d2e71954c53b739

SHA1
da9c88738e04a013fcc5432f1e0d588fbe6a0c6f

SHA256
9c841ccb40ad692fe76938617b63979e520e91eca22777d294da377273a6c79d

SHA512
7818e1f43476ae7f8cf23e0aa638aa47e1b7655fd04310c032f38e65b87de9f85810d76174f781da99ea83c2ac4888d9e1c7ea87aff7b59ae72764d81b14283d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
526cbcb1d83544547440ccc0163a8952

SHA1
1597be32fb4c644f58004c30893d3e23471fb4c6

SHA256
9c7ccaf8e3b361f889a5bdb77c810359870579ec1ff6bab038cfebdd3e917929

SHA512
9acea6cd4b20069036a50da0d16e19f175f33e3b84a71a0992713e19c1869aff528120a7d325db3ff3bfdfde534cbe83b8c0dd9425c9fdf5597e8c4237f49b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
14KB

MD5
a2798ab608454f28fbc14a3798bc3789

SHA1
7f0d1925dcf18f21cfd69d8c0a504d45c515591b

SHA256
676aa1e9c0e48d92316213f9cbb9eacee9cb741583fb9d4bcb47976ed6411eb3

SHA512
9db041acf910e65d34db4907909e8fe46985346b36f3de4797490c2814c3d27427c6594c88ab5a5a93bb9c81ed616cc25242049668d9e6117f4395eeb080fd28

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
14KB

MD5
a41d5d616ad78e02db27f2c08281ebd7

SHA1
a43fb05331a368def9472463dd9660fb47f965ab

SHA256
ef878c65bbb08bc17d4bceb4685b9a3798029656aa8fb1671b34c02b3d7e0a97

SHA512
4cabe6d9319a6baf4f5ec44992afc8a1e0fe3fbb65a753711b4326121ee69fd820c1b8ac7941aaed838d8efce2798bd9ed3a41bf35573e1c201e04dbf4b6a21e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
2KB

MD5
00ee3aabb5dd4e4e1e70ee0f4fded39a

SHA1
3b0048071a57759a661b602c3bb5831c54bfe2be

SHA256
4eb90784c92e4f7b5dafc5fbefe72c0923a6b124d133f02b2903d7ae2f8bfc60

SHA512
f8e8f95bd27a05390f4bc6c04d59f70ab59b41c76063021190cab3a9ad39306ddaaff47827d082f896dac861c77a101a959dcdd4ac162461d2cbd0f992515299

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
f9875f9e2c8a751d954d9b2c1a0b80c5

SHA1
c1e67468a9e2cdbab5ec8b1d30c21a2f75d29df2

SHA256
e3300ff1ed658839c40e55c7173f291b7405b192ca28c4fcf07adb121d180f23

SHA512
175c6d41cc3f2e9943e60fe87e96c714c388bd97cebdb57bb76569d06702a7b2d8b707329a425ad40075b1bf9e6e644266065bb07636b083558235d7e628e70f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
3KB

MD5
2dc308cdf184e9bfb26d8ff23f410293

SHA1
ff0ea287b5c7a84f909cb86a195862321dba2a9a

SHA256
4391ca2c9fa37ee1a5c9c4c1f883c75990268c36da975d22fe1ab5210179a103

SHA512
c4483df7c509a6f8b511637d79bb32e7264780e621fe2e8033717cbb90f87541a4de4600db3ca90c2efd157feca0ccd772833d109b0794646d3de4192d4c9ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
5310480c3ce7d2d98b80fc7635ab3ef8

SHA1
b3dc1ddf4594622a649294b2fd47db6d47f7a3d4

SHA256
54a911fac047f5fa5b5863ea3283c6f63d70fcd49ed8535615a0eb1034936597

SHA512
d5c9da80ac70a8562cb18932fd135cb401d8bf48c5f574de5cf75052048939e1e67183657d5839575f3937e8db7e908d3e5ff7a1bf8f5c139d4ed5eca65c4f82

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
d1da0131a70a032df15f988bef0a0147

SHA1
c7f85669bda1cfec325ed08bb5cd5088a26af3fa

SHA256
f5719b37dfabe3f16e1f15ee1f117ea63f02a78dfee09c9eee42a9dfe390b940

SHA512
3d545a8eb1e540c5b098e101a79d71c797b37147ee969b4c60c4ef39994150d655e371e4bb17a8f0d40d5ed0aad2ecdea0ae10b26461c04f1aa393dbef400805

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
8ed2411ef27e77b8009317b357a420de

SHA1
9cd6ef7139ce4ba925e0e237130e45b352ec264e

SHA256
8a2aadd8dbee45f8aee669c73ee9654c4e45d5db5f7dbaddfd95ece6c50a03db

SHA512
b96072d187786227ab8642d4753081ea84b75e2388810c2e5a9a4a4584c4509e5e6e02cb982819810627865946ae63ac40a82dd55d49c8ccd771b75961d87761

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
bc6bfa1dfc447f84d88da1700570594c

SHA1
9a31de89fde81c575984f418b55a9ca280dd1c86

SHA256
36abfc16f89407cc3a1782cd9882df61ce2dc314ab3020df6ac25b229d6129f4

SHA512
aa46376f5a9bcb8912b541f736cc7c451ada4152b6a00ecb067da3594617180e7c2f738efc9455ba3d99b79f163952235abfa9324c2924e5663c59a55dcf5b6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
487197d6c599b2c77b56c876f81aa69a

SHA1
e6241a861c69e282753cf58e430caf62963a58be

SHA256
e51b483b46a04d50123fde1a56ad5c906e51d5806015622ef50899aac2fa0161

SHA512
e10cdbf818adc3cbc51fa4dbc9c18ace8d23c6436eebe0a5f57d6c8774840c3ea1e5f4f614209424490493454085f4b4d9669ddf64e3ad8730f050c230e54696

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
900321c213ab58f577746c0707b2005a

SHA1
8f7375fabfdf34aad0d457402651b8691d571b82

SHA256
d75531d92f7e2d65b041e8fb50db12eca7ff8712840540fac8a22bf0d70682d9

SHA512
6e0781adbf95307a53e9a84b586cfe84c575931c3cc7f03d1c4a2d061173b2073427acc1759d0f220b880be05b2f80ffc02ced3ef4f49347a9ae286119af43a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133479080769590000jre_packed.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/2512-114-0x0000000000C50000-0x0000000000CEE000-memory.dmp

Filesize
632KB

Download
memory/2512-46-0x0000000000C50000-0x0000000000CEE000-memory.dmp

Filesize
632KB

Download
memory/2540-113-0x0000000000C50000-0x0000000000CEE000-memory.dmp

Filesize
632KB

Download
memory/2540-45-0x00000000030D0000-0x000000000316E000-memory.dmp

Filesize
632KB

Download
memory/2540-0-0x0000000000C50000-0x0000000000CEE000-memory.dmp

Filesize
632KB

Download