20d227686e6e4f6e20f2df558d5f51d895ac13e47ed48b5714aa6055e8650fad

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e8d0734c8fddd6a8062134ffcf75adf.exe
Size

227KB
MD5

0e8d0734c8fddd6a8062134ffcf75adf
SHA1

dfd4fb1e2b8a677e1a9c383dcbd773b088cdd15a
SHA256

20d227686e6e4f6e20f2df558d5f51d895ac13e47ed48b5714aa6055e8650fad
SHA512

9c7d59c3e5147d1c0a9f1889d8e97b47b0e1e41961a463ef64fe97d46db0b2c2e3d185eff4dc3f5baa8442deef56b3b460d99da2271554731986c03fc250a75f
SSDEEP

6144:xp4wdZ3t4A6M2kwp+E4tEZw7BkJgSoS3Vea:xp4wj3t9B7wp+1+w7NSoS3L

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2500-0-0x0000000000140000-0x00000000001DE000-memory.dmp	upx
behavioral1/memory/2140-46-0x0000000000140000-0x00000000001DE000-memory.dmp	upx
behavioral1/memory/2500-105-0x0000000000140000-0x00000000001DE000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\utils.jar	0E8D07~1.EXE
File created	C:\PROGRA~2\Zona\License_ru.rtf	0E8D07~1.EXE
File created	C:\PROGRA~2\Zona\License_uk.rtf	0E8D07~1.EXE
File created	C:\PROGRA~2\Zona\License_en.rtf	0E8D07~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2716	2500	0e8d0734c8fddd6a8062134ffcf75adf.exe	30
PID 2500 wrote to memory of 2716	2500	0e8d0734c8fddd6a8062134ffcf75adf.exe	30
PID 2500 wrote to memory of 2716	2500	0e8d0734c8fddd6a8062134ffcf75adf.exe	30
PID 2500 wrote to memory of 2716	2500	0e8d0734c8fddd6a8062134ffcf75adf.exe	30
PID 2500 wrote to memory of 2140	2500	0e8d0734c8fddd6a8062134ffcf75adf.exe	31
PID 2500 wrote to memory of 2140	2500	0e8d0734c8fddd6a8062134ffcf75adf.exe	31
PID 2500 wrote to memory of 2140	2500	0e8d0734c8fddd6a8062134ffcf75adf.exe	31
PID 2500 wrote to memory of 2140	2500	0e8d0734c8fddd6a8062134ffcf75adf.exe	31
PID 2500 wrote to memory of 2140	2500	0e8d0734c8fddd6a8062134ffcf75adf.exe	31
PID 2500 wrote to memory of 2140	2500	0e8d0734c8fddd6a8062134ffcf75adf.exe	31
PID 2500 wrote to memory of 2140	2500	0e8d0734c8fddd6a8062134ffcf75adf.exe	31

C:\Users\Admin\AppData\Local\Temp\0e8d0734c8fddd6a8062134ffcf75adf.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0734c8fddd6a8062134ffcf75adf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2716
- C:\Users\Admin\AppData\Local\Temp\0E8D07~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\0E8D07~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
a67fc4ba568b73f9df8b780a962f5512

SHA1
d58c69d22d3d8aeb945e0204ee683abc769f66ee

SHA256
48113c894322bdac8f451d88d3242094c8d6db097bb59be1981f8162fc3fbdc6

SHA512
a7c2a1a756a6f1db35c6c305760715a43583f20f001be8f4d86585dc3a65dfbc1371e5e062910822fd064fa54b383794e9a37f0d0dfb3c826c1ef2b167a61bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
3fc2be1f62b2542157cb82b5b325bc13

SHA1
da1b0e2febc5cf128a80664faf9dcd4b2774212e

SHA256
63302cfac9cb0e9aeefe27224586ad2327a683bfa7dc5815a0bea057c308c15c

SHA512
ee8be0da7cb589db197ac6f25b587974c311afc883593a148fb645db484866e5ad2d0bbe96c444cd493aeba451f7fc187d3bf67934cc407fb5ec11a4bf0f5adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
ce7613201473b06c22881e2ca29c1a8c

SHA1
09c3b39024c44013a2b68dc0ac4fd5422be4c5f8

SHA256
0abd0db08029afa0fc541003eedabaa4d4668bf2dd07769cf84d24116c8dcf4f

SHA512
63029a9491f4fa5bc052f631880c93002fc504b919d9d24e721fbd8b3c6575b23bc79c5a642aa4b02ee157c70898e35f2626e0ed6fea42eed8eca5e83867aeb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
78ddd7c195b0210613425b126d62acf8

SHA1
160eb304fcba07ea344a5c9646e08c50544d53be

SHA256
83a7a95c3d28ac29b743c8225cef2c3b97258db8df3d3582ea7957a0189312d0

SHA512
9cb16bbe410c187b511188de80b15963ecd15bef208452bd6beb9841dec29d4bf2b159d6bdc5bdf5ad8b548b891f63dc349a07e13fea0ce7a728bd51dc03dcd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
3b3dc0dc6ff1d08797f70420bce9d8ca

SHA1
733e89b2c109a8d37938f798567a7309b1e45539

SHA256
40d4096d0d6b1f07926376d92551d95b4954aa5feebdf78ad6836e607d81e2e6

SHA512
af2d73864324521e62be0bc696d288eb732a5ad9698afbebc7922d131abd9ff02773d0a3d8f243a5afec0a035d79a17da1f3b53275184a97f2ec0b3f716e7ec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
58c11428b4fa2641ca87e1c4dcc2f006

SHA1
2948667b0aaaf46e56fd9caf958ace9800455ff2

SHA256
505bf7627098a91391bf94267aa982e795efd5d89ca4c62bea99e74057aa3824

SHA512
d330cb97cab8d9738c60882d4469f2829287084778af1a59ebda14c3ef2ba4f93cda898ae168130b88792ff1a671d6b07cbf646fc11022d2579d23c6a776030a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
ef1d46bbacc2d342dc4cb74b12745408

SHA1
9d9b9b2d3b66c6aa4566654e26efc678ffa3b1ee

SHA256
c3f8ca7d05592aa9c030856d17f295a5e3fde793c80298695a6a8fdc0aa3724f

SHA512
568754d9f143f4dfb9659c1db7538f1e522e1c5b2723b479be59b5a8ae95281dfe0fb494b0c63d68b299918574d4ad8d4c5ab8242a68593b48503c4daa0c9140

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
184c1de59b4609e3dd8d31c627dec2ed

SHA1
5081479ea79385cec3919bb8ebd250085a99a9ce

SHA256
f17d88519d2616f4b916ad7d5bee25e660a52bd961d76cb598b993150fd1ebda

SHA512
acf7e03011cc7f31d25cb54b7db04c86a428aafd03e3ef76d98a0851da97f56bdda3b7069eef273624e32a7c2b6a7fb5d10ac2bf1bec0f05a4b4b008a513de49

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
23c6e421c697d980b3f0777d466a7cbb

SHA1
f3bd54360d6f54d1feed60fd343b28c192dd415e

SHA256
07c7c71b27a349b0cbb5ccd8a4ad33371009dc34eaa33323c8c93964d20fc78d

SHA512
1a5be3145161211c907f8dd274bfab7a544f742176602be0105e6bc71918d3ea6fff73e0a37a1cbc88c7a966af8165617245242a2972123a03c9c00b0a8d803e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
0cb0dd268b62e5a487b0f76b3c893f68

SHA1
9bb6bb36ca14c4ac59c4d289d4a4b02b25f7dd71

SHA256
d3bab4de17573aa10cad6382a1ad392326f5cdd7be7b55513753012ce6ec92a2

SHA512
7cfb2b2f4afa9746ac22b095b5f22ae03278f4f19d804a3bb93cd136c82e2b30d4e39d999364216944aefa64e4aea33295bf417afb6a99fe172f9cdaee6cd61e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
14KB

MD5
1e3f4d79a7253ded56211a6865b41e98

SHA1
6a13873bfe9619ba47d62cb907d0379a03dfc940

SHA256
5a919b72a07e2f0337e5b25475de32e2a73a3231fed4d3a23c1d79b04e344419

SHA512
15eb75f7e78d042a0801ae424127908e9ef8e9662b54485ae07af85e80d127012467f2c462befd6579a7a23f21dde5f66e44894af27db61b5896468010e5464d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
59e26c6d3286018fe14c6f15203d524c

SHA1
1e00d21620998a8d06c8f1927d10babe488b32b6

SHA256
b8fff249337cc0e90c01a3eabcacf4cc7c6ac07bfb2ca013b6228070749a87a7

SHA512
f9092dfc995933777fe8c210b397f3548e5eb4dd858cb5d4fa1700d15d7f2e33617d4ced9e3359c77db08cf8383ecc664259e92e33e4d3094466b47390212108

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
a3ac60c61d8dae19e2b747f2c4082a63

SHA1
d6defbc3e75797731fe2ffc1ff1aea3dc91b5b05

SHA256
ecffa0944c5c9c72aab23228db368dbf56d84be78fa4249f58bea33b5c6d1063

SHA512
57a16eb98b8c429783e7590e57b4b769720d0ab93da5bb48f9f471c435f191d78d3db295fd716a5b0c57447d1a097924fd3e4095b91db459a31e0157e30b34a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
efa67df994caa5d72ffe59e38ae7940a

SHA1
57273c2e318270b10f9cb24c3b8f454e4a2cf9be

SHA256
6d4fa431c2e7ed80fc6906c7129efbdc20e6d515255d33ecfaefa3d4358ae34a

SHA512
b746400495d7330cd977058341bfc88fc366bd2b7025b7ef6cbb68718d8d93b6577587b685ee3dc4b1554769c9c59413fb14254c6773e14caf82133fc3e4f3eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
fe904a762bdeb19b97df73a53738fdaa

SHA1
0fa10572ecf0ebf917088c75b47db66b5ce8cbc2

SHA256
cc172a8e14d643690d51e4f0d0815cc468acf81b935f598134f9e0bb02999874

SHA512
2ccb92be34c45c1253ba0657ba4b5c279d5d09b33b87bb509baa3a33f6c773409af188e32c3b5d477b64090a6dc0ea2b1f43ed1775a61f45146f88d827be71e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
8f50e3d7418c81edb83796226cbe997e

SHA1
25bc3fd17111581c7cd742e5da5c04b647f6a6c1

SHA256
9d7e10986cfcccb591d36c13c677517012752fb1669b8073ce225ef33b69c7e7

SHA512
a7c2dcecf1284ea9782c2127d3fbeeee174c4c7720dacbf51c2245ee579c26c4afc4ae7feb9dedb7d1d169177dc83af7de515f9d175b8dfed676e5587728114e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
673B

MD5
0c78d5f586fddaa461f96abd19ac564e

SHA1
9daa711afb9e6713e108a1a21fd5a23640cdd58d

SHA256
81a87cf2736196e91675119083d6e45730b5acb0ba5cc2011fbac396b4c9cba3

SHA512
cfed6edcbe88ccc2ea0d497871853e684bd5d66f39c1319003731c4e56a1439b172c0edc66e909d3bc7d12b50e2db580f89b1157c87ab2452b14e931eea4beae

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
0c6e99ad03cac8434085ef6d9d38a6a9

SHA1
5519d21c552176bf35202ede2d0b525ee220135f

SHA256
5b41f1616a01260ac99cead8632a980f7bd88b4228171784f0927bf75370e10c

SHA512
e3f505763bce59de81e5863622ecb102a25259064c07c9267c054d8231b4e4cf54f876936f712a924646f9819c60f29b84fbbfea98109833b9c18cfcd7ae9757

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133481551069684000jre_packed.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/2140-46-0x0000000000140000-0x00000000001DE000-memory.dmp

Filesize
632KB

Download
memory/2500-105-0x0000000000140000-0x00000000001DE000-memory.dmp

Filesize
632KB

Download
memory/2500-0-0x0000000000140000-0x00000000001DE000-memory.dmp

Filesize
632KB

Download
memory/2500-43-0x0000000003480000-0x000000000351E000-memory.dmp

Filesize
632KB

Download