154f5c4071cc2c1d664564063c15fa90297356ae66e0ae758b47d0c11a1972a2

Analysis

max time kernel
2s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 20:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

101c2bd1e509b7862c64987482990432.exe
Size

227KB
MD5

101c2bd1e509b7862c64987482990432
SHA1

1dbeaccf1e0d2753643432611b61b689ba2d6539
SHA256

154f5c4071cc2c1d664564063c15fa90297356ae66e0ae758b47d0c11a1972a2
SHA512

dc497493bd49728ce106d364af4e6e91c49089a42f425f0b560a6cbbc1e2014ae90c1ae87f065193fa3dbd9bffbff4151d3d3eae74a91d6465ab91cc429f928c
SSDEEP

6144:KifApVMqplDf/h5O/lBC8+2hyDRlX7llrnz2P4t8oSRVdk:9fk6kDqHw2hmxlrz2HoSRc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4588-0-0x00000000007F0000-0x000000000088E000-memory.dmp	upx
behavioral2/memory/704-39-0x00000000007F0000-0x000000000088E000-memory.dmp	upx
behavioral2/memory/4588-98-0x00000000007F0000-0x000000000088E000-memory.dmp	upx
behavioral2/memory/704-99-0x00000000007F0000-0x000000000088E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 4520	4588	101c2bd1e509b7862c64987482990432.exe	39
PID 4588 wrote to memory of 4520	4588	101c2bd1e509b7862c64987482990432.exe	39
PID 4588 wrote to memory of 4520	4588	101c2bd1e509b7862c64987482990432.exe	39

C:\Users\Admin\AppData\Local\Temp\101c2bd1e509b7862c64987482990432.exe
"C:\Users\Admin\AppData\Local\Temp\101c2bd1e509b7862c64987482990432.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:4520
- C:\Users\Admin\AppData\Local\Temp\101C2B~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\101C2B~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  PID:704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
afb3ec03c115fb75ac65e6761445315c

SHA1
786f3317c53e5344a0a09d36fcb029faf2ff51d1

SHA256
7e26d563704243a6fef9258e57bec93598c2971ea3755ebb9bea8b58bcd67092

SHA512
ab7d51bfd6b12e47a05cc4532ef6c614b5c528ebe7241b03dbdcedef58dbcfead707cd7cbb4549f39fc1c42013c9b9f726d18dde4cf7476f171cc33c7adb0570

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
2KB

MD5
7a44d2f22004d0e942a97dbda4055ea2

SHA1
29e92f45150309b11c91112c31be183b690a8286

SHA256
86734bb53e5fe189af3f5b937b6935b746a6ddacb7d7ea25590d8d999048ba72

SHA512
b6f0b5197aff9d19838451b6b0b3eabddbf6244778afb91af87d7a1da6021a4032931eee94f64f7ddd915c97f8c3dabe6480c6fe8a401ef278fe3d848cad2622

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
f4649f54fbb36c97a1341c5f91db6dad

SHA1
a6ddd2cc10667b12e09484415e2d5c9beb3dd098

SHA256
42b5d260950cb1eae88b143336d064e03f2839c0042815cb5ce6e0a17aa4d2ec

SHA512
07b86af6256d219157d44a033b068895ba46999f85949c884055d785503d38807e2f92828fe75841470d226ed7ba65e1d4b027e240b9c619807ce41f7ef6db27

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
1afd5622d8f6c53a5d4bab71254a59c2

SHA1
aec5d4f9a7e9c9ce114fa4781369e5f167a489ff

SHA256
03495c00291752bec7e31fe9342cda737a75c7d5dcd666902ceeb2b1b25bfecf

SHA512
a2f4729d4f12a471b6bdd9058ed38edc7a970055a0edfcbaa1a56f5719ef83b6cf943b4d8da20ff729c468dee7e0d655630fc80c35a05e6f2fc6bba54e473d9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
6c0e6bc0b635356a6424fd2b4d0c981c

SHA1
16b75127aabbdc76753820972b0c436dc0bcf5b5

SHA256
c62718c768c655736d3dc3c3376c0e500373f0cfd850ee8f049ce4eb96d0cdcc

SHA512
fc9877d13c5ed656a4489784a7528b10d6bfeb5ae3354664d00cdc61667ff062b3378b7cbd828f0042c67e17ee54341f7c4d043034ecb01e7f7de75d2fb93bf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
ef0be301e19a142eaa148424a3bb68f2

SHA1
63f7098620f71a8fe20f5e90c4a323c98bb82e63

SHA256
0ae3376c05724fd6f28f235252ed46229d6b8762e2e98c568a7d9938b8c96be7

SHA512
f02245d5b573b9c142e8972045b08dd9525439956eb75c18601caa5fa1ec2c7b62e5054fd975607f3f60ff082edeba460793b9774f4b1bde0913d42e0ff76669

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
c6c6ade1b5a7ff7b019df9551bcf8c25

SHA1
fc158d61112012dbd2e354c539f9665ba4c0c2a2

SHA256
ac1aaf3b4f2386a904abb3b669a3d43cf3534f864aa0247f4a1ed4bc24ef3f16

SHA512
069d349f69b2398bfe29f06d557114c1004c98d74df0fa9e3acdada036aff8f12dc4d50fe97548cb6ce4e6c13a3e879c35fb0f25fae70bb1ceb5a8b2134289e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
b891291cf648a0b2d95f811629bcdb15

SHA1
05e0a57704afad689a77c81aab6d284ad3e902fb

SHA256
292e090fd3cd415a4f85b740d32c5be91348b516801467d492ce42a853bd0bf4

SHA512
9744623607444de8231e03519ecffe95651a0f85afbbbb92122f4d177004035b6b85f2a7ec69db1dae7d8e9e2a5ec424ac18947a71403e788345316ec05ca8ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
17833a40591681e30041a9232aa9e22c

SHA1
496698093a903aee0f6798e701231fc7932d95d6

SHA256
c25b89d76bba58344d4605ada5827447fc6b5cef431248808d067bb184a727c4

SHA512
a550eecd9b18327e34a1bf270cd3fe864c015feba2dae42e3a6fd496efbff292cd1938ec9bcaaa41e21556f4ee397d5e5ed6ed3bc544cf66f1e78fbf5aefeb8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
602B

MD5
f41077a6069bb9b4e207d51a7b138a91

SHA1
8e0c629c2d4305da5ac90b94b3166b52a8de9c11

SHA256
6f669959406e6d35dabd22ca45a02b522cd17ce308ae02d1c9424f5c9cafbe3d

SHA512
be8f556a3858cab7e36c7649e76757496bdca50e54274a5a45f7916e182279e9e943ef9608064c7927c11782651711b7a32392080a6707fde324c2ef4d1e0d55

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
9509e03a4f4404bb837aaaa2ee97d50d

SHA1
8a5935194e20770e9f86fec81fadbf18d17138aa

SHA256
3bc954b52091f2f1d4cc0ef08d2a206ecd9527b11dc8b709575ec23983daa9f9

SHA512
9637f29b04a6056d7ebd31197ce7040841a77a77e19e2f639c5edc6f7b6c35fb219c6fdbc1a804b1f3236acf132e790672ea79122c6def139bfc4faf33d86a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
cb5bb326241d0e759fbcd4a299e1557c

SHA1
ad737885eeb859278a401aa9cb2adbf0d81ddd41

SHA256
aa504d618b563feec0c7b0b5b02eb73d66690675ccaadf21b391d274fcf21b82

SHA512
be6228c46bf561d9e3565a79656d2b8e5f87b69b2e5fa4439e945642c7de7fb0c0aa754acffd04622357720c81e41e5f84220fe477e8f37c704c702618314da2

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133479388375521569javaSetup.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/704-99-0x00000000007F0000-0x000000000088E000-memory.dmp

Filesize
632KB

Download
memory/704-39-0x00000000007F0000-0x000000000088E000-memory.dmp

Filesize
632KB

Download
memory/4588-98-0x00000000007F0000-0x000000000088E000-memory.dmp

Filesize
632KB

Download
memory/4588-0-0x00000000007F0000-0x000000000088E000-memory.dmp

Filesize
632KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads