218777779b6bf23b164dd5a0075b9fc490a999b0cd7b6232ae4a62d5c61f71e7

Analysis

max time kernel
169s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

10a05e4b91c48a6a71e9abf3a6ec4707.exe
Size

227KB
MD5

10a05e4b91c48a6a71e9abf3a6ec4707
SHA1

c80dae05aed985b67874ca48882fc0cc506da77d
SHA256

218777779b6bf23b164dd5a0075b9fc490a999b0cd7b6232ae4a62d5c61f71e7
SHA512

031441da8270c0e4e9b49aae962bc59670b5fc1b81d6f5d6b5a756e63859d6fd70406ac6800f29ac776e010e1aedd3885ad457c8241aacd1e657accdc7c40841
SSDEEP

6144:ld/oKyhlMI4s9hs9gqt8sHE8Ywe3Mox+pqoSSVp6:lJhlsnstn+LroSS2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2748-0-0x00000000011D0000-0x000000000126E000-memory.dmp	upx
behavioral1/memory/2748-38-0x0000000003270000-0x000000000330E000-memory.dmp	upx
behavioral1/memory/852-39-0x00000000011D0000-0x000000000126E000-memory.dmp	upx
behavioral1/memory/2748-98-0x00000000011D0000-0x000000000126E000-memory.dmp	upx
behavioral1/memory/852-99-0x00000000011D0000-0x000000000126E000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\License_uk.rtf	10a05e4b91c48a6a71e9abf3a6ec4707.exe
File created	C:\PROGRA~2\Zona\License_en.rtf	10a05e4b91c48a6a71e9abf3a6ec4707.exe
File created	C:\PROGRA~2\Zona\utils.jar	10a05e4b91c48a6a71e9abf3a6ec4707.exe
File created	C:\PROGRA~2\Zona\License_ru.rtf	10a05e4b91c48a6a71e9abf3a6ec4707.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2556	2748	10a05e4b91c48a6a71e9abf3a6ec4707.exe	29
PID 2748 wrote to memory of 2556	2748	10a05e4b91c48a6a71e9abf3a6ec4707.exe	29
PID 2748 wrote to memory of 2556	2748	10a05e4b91c48a6a71e9abf3a6ec4707.exe	29
PID 2748 wrote to memory of 2556	2748	10a05e4b91c48a6a71e9abf3a6ec4707.exe	29
PID 2748 wrote to memory of 852	2748	10a05e4b91c48a6a71e9abf3a6ec4707.exe	33
PID 2748 wrote to memory of 852	2748	10a05e4b91c48a6a71e9abf3a6ec4707.exe	33
PID 2748 wrote to memory of 852	2748	10a05e4b91c48a6a71e9abf3a6ec4707.exe	33
PID 2748 wrote to memory of 852	2748	10a05e4b91c48a6a71e9abf3a6ec4707.exe	33
PID 2748 wrote to memory of 852	2748	10a05e4b91c48a6a71e9abf3a6ec4707.exe	33
PID 2748 wrote to memory of 852	2748	10a05e4b91c48a6a71e9abf3a6ec4707.exe	33
PID 2748 wrote to memory of 852	2748	10a05e4b91c48a6a71e9abf3a6ec4707.exe	33

C:\Users\Admin\AppData\Local\Temp\10a05e4b91c48a6a71e9abf3a6ec4707.exe
"C:\Users\Admin\AppData\Local\Temp\10a05e4b91c48a6a71e9abf3a6ec4707.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2556
- C:\Users\Admin\AppData\Local\Temp\10a05e4b91c48a6a71e9abf3a6ec4707.exe
  "C:\Users\Admin\AppData\Local\Temp\10a05e4b91c48a6a71e9abf3a6ec4707.exe" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
3f3d2663147877ae3d287cb1e4f352fd

SHA1
c11a616a2d07c4abc2daf2d814e298804b4e441e

SHA256
be4dbd268a17dc61e42db61477ea981641b753c4049a6a98dc7ce8e20afb3dfe

SHA512
e0a13c89f2edd07731b9777b1e72c698945aa4763384ee6485bfd1b99d4e20e76c68a3e5a3a2e270236dabacd286c8d039d9fc6fd29060bfbd2939ce51487720

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
c664e4ab5eeb83210731a4a67ec01f0e

SHA1
7b61de813391449a0272f47236c939ad26f93957

SHA256
4002c812ed4451d0942688edb8220c6f8da2633dbce81e29af1d95971b17c4f0

SHA512
d89bda23fef0b6c51fd0e814ff7a424911e73a7932869bf9928eb5c8618fc553e44119791708dea1c35b0a3019d5a670cca1efd01ac798c0865aead0f9f2160c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
d28d09d2fd161590a3e006538f63d117

SHA1
23012111b8bd8ae9c0f8306580547a4b48c81a10

SHA256
4ce93b75bdf9abe6a8a17c4693abb9fd2e0d7feb8de7ecc3eaa49bc679e0b126

SHA512
57dd3bfa7e70dd72d353d14569b1afb2eb138347fb4bb8c8225d4bb49c0b61ca50ad7a61717625d417ca7cb1293e63fbab1d4fb9901385c1c7d775e66f3d0870

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
14KB

MD5
cab80fd52c5cf35d98c905686884f29f

SHA1
525fc40e38e0915052bdacc47eb0f7c68e0ee559

SHA256
64681c7c10c3e6386a33f363261738d00489578cbe39acac0f62267ff00455c1

SHA512
c02ba1a9f51f4230985401916423b7c72c791ffb78b89f9835b3bbb3499f8f73fbf854450fc0bb2a7661015194bb080bdda445c2dcd06c5b3fb19fb92ab62a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
14KB

MD5
9e44825db3225b1f3135ef66e2462b1c

SHA1
eda6a3ad8d299c2bdbf0f1730fb017582c3c65fc

SHA256
7b064961325563875ad8fa4970fcf657b9c0ac48942a7f888fef132663652c11

SHA512
8eaf9912a176c6392602ac724c83203e18d2f77b480f5b4ed7f4e5a6db29a1f64b1e5c5f09b7ae13803d0df35b703a4f361a70100b34325e9a1ac4a2eb7ca0df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
15KB

MD5
710074c024c03d1b1df5f53422ccd1ef

SHA1
5bf3db703eedf5dcea72ac14484e1f6d23a5d4de

SHA256
c173237bd175d29cc6728521790cfbaca8a24f3334339bbd9abf2da33fb45261

SHA512
84931e1b4b5aacf0bc9da76f6fadf65fa0b5aa782f2528c8a8787ab1dff63613e82fe915cf1bb2b62650d837aeab95c34f61e8312593fd33da65cf831bf47098

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
1KB

MD5
f21b670f858a322487a8875f40fc9e31

SHA1
a1dd465a8a4bc890b3206bf37f718c6160dde2da

SHA256
7802b9bd79df2bfa85a92012eff789a5088f19b39b3fc02e4fb1ccaf9d6c89a9

SHA512
35d3a16317e43c73eb668e86a8ab8623742574ca81b3bf5af12137454aaf8cc0ac56d96e0dc1cf808885156ce4f94ce5de78eaa7601614a128f6a67a8a67c524

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
16KB

MD5
a6fe25351dc57645208b1280ccf195ea

SHA1
153937d3ed9d9c73729b59acd29796fe51b20574

SHA256
2965058b28c6a8cd781984159a94436a788af2187b20c73e5dc5a018c3cb74cd

SHA512
94b27fc26542c6f4b5f58f98db2e75c47aafbe1df74317a04a7d52b5aa0a28db6544a2c9bad5e3b1e68c2924bc9a19658c84d5b0bd3b6743934a9e0e13a6cde3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
3KB

MD5
c7d57202e6e7214ec3164276d5753032

SHA1
826799e586e2c1bfff5342d21c7816f440e0e76c

SHA256
44cfdc99c8196cfb1c9afb360815e422cfbb00adf36c2c94d60b9b0ac9e6932b

SHA512
7696a183cfad5d90c5a39d58498a2e87db09a872c6840cdaa5fc43b63302655c7261bf1158a0d5870b9fbf894714eaeb4ab3c6183da1eb34c23de42c83602b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
ab36ae061046c6ba137609822ae5802d

SHA1
a273ec5ba2ec2c0f986cc66341a71f011c364ff7

SHA256
7c7a2a7e9c8f6b66aa791e78006dd18a6ee8196e8b21b8949c85e735fa693dc0

SHA512
0628f1a9bcaa9e31786a52d69bb9ec467b8a5722c65cf8f0cfb4939f7011b4fd5e0a1b0cb96333969a19e9683905f1d758a6a6736941a86d785c86746fc1c260

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
34222bb0dc22c1ec542e7b949752b362

SHA1
2aed93cc16476eef301a5bd7b3f478bac0cf4fd0

SHA256
ab589cdac5d0670cd17ab39ba4c9e0decc72474761301d3ec868d59f6244cb18

SHA512
9c41e1a252cca66dac08b7a25a2cb6ab30e8da1d326e967f64c70f1ed2bc8d4718f9321de2d2237e180090f475a297c29d5494ce9263bdbb6b8a06c9c326be9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
12f6bd5892a01b1afe7322d1e965b0a5

SHA1
072519d9de2bcbf84ac92c1fbb43ab5618beb68a

SHA256
2d17fa618bd8c8afad4874dc2279b6011aee4ae43e35a5d840275180087f3996

SHA512
76a02c2eedff5a7a637753f45f8669f5425d950d1c930a4cdd683e7f95b52cfb04f2ad6733b1fcf5379d348bfe2f53841dc639214c236595285b8b03da84d71e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
c26f9687fea5f118f5802ecd96f78ae8

SHA1
a44e9c1abfd95d1e4a30b2e93fb3ba4c91f78912

SHA256
413bbe0989035a22eeea3994ff709656b78536ab45ab360418c891880b07b135

SHA512
f43a96161f4d599b28dd6264a0e98d8a312a4ac9091744729c6250032ae12d64f0dc444187d5e73300bcde43e566f62423e625f30bb977005ea9f3535a185d49

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
7b9fd3ad16fdd6c08ba72cad8a0743c3

SHA1
15cfe0fd380f67e637db2585a66bceadff42ceab

SHA256
8e8c73a3cb3f4bf572e53d7db15a5ac9991769135eacfef754697d69972ee2a7

SHA512
e2ea0a8addb61e159315e91518fe15929f6eb98381fdf566c35947308951ec13f8f24efe3ffe6570d8a0a7eec8572e5f70155122a271d18bfb4e2706f09e7717

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
eba735c33435a3a88d38bf834c5a8408

SHA1
690ba87aacabf6c0567f6f13c6d9fd871cbe7906

SHA256
8fc83a19e8aac78b3c84acea3845d5b464104ca3967488a6a173f2e86ad544f8

SHA512
88e763c4a27f84e0331082a32eab7fc758a2c8f5905bfa443ccf33eae492770f1508c638ea4ddaa9ed3b846551e7f00d3fcc64da5dff4c6e17e717a25d097b45

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
b7a6a980f780459557dd6e134a1d2cd6

SHA1
39053f61d2568610518622188dac6ad953350ba7

SHA256
07e6d67844861c40d785e715b0cf4b248400b54c2e5aba96bb7e81705932a4d0

SHA512
0afcc252b25eca3479149bd70932a34d7d9bfb6d57bc7de028364de844d33523c1053511e00f8f68e81938d646120c57f155f80ebd5cf8627c916bc884eb1b65

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
memory/852-99-0x00000000011D0000-0x000000000126E000-memory.dmp

Filesize
632KB

Download
memory/852-39-0x00000000011D0000-0x000000000126E000-memory.dmp

Filesize
632KB

Download
memory/2748-107-0x0000000003270000-0x000000000330E000-memory.dmp

Filesize
632KB

Download
memory/2748-98-0x00000000011D0000-0x000000000126E000-memory.dmp

Filesize
632KB

Download
memory/2748-0-0x00000000011D0000-0x000000000126E000-memory.dmp

Filesize
632KB

Download
memory/2748-38-0x0000000003270000-0x000000000330E000-memory.dmp

Filesize
632KB

Download