5cb7369b0d226113da586c3cb83e8bc24ac3db6bff25cbd38ddee366b716d93d

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1389181c929de3fd839b8d34457b2dc5.exe
Size

227KB
MD5

1389181c929de3fd839b8d34457b2dc5
SHA1

9f160082dbf13bdefed4d2209374b10382b32726
SHA256

5cb7369b0d226113da586c3cb83e8bc24ac3db6bff25cbd38ddee366b716d93d
SHA512

a7e6355c5e88ff1d339a1976a0e0a8e89b8e77f087d97dc4252bf8de30e1d35a15c5eb584923882b93ae6b6448dcd04309f360a6eb65fa08b9193c0b8cb51944
SSDEEP

6144:xp4wdZ3t4A6M2kwp+E4tEZw7BkJgSoS3VYK:xp4wj3t9B7wp+1+w7NSoS3Z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2492-0-0x0000000000E00000-0x0000000000E9E000-memory.dmp	upx
behavioral1/memory/2492-45-0x0000000002D60000-0x0000000002DFE000-memory.dmp	upx
behavioral1/memory/2492-140-0x0000000000E00000-0x0000000000E9E000-memory.dmp	upx
behavioral1/memory/2092-141-0x0000000000E00000-0x0000000000E9E000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\utils.jar	138918~1.EXE
File created	C:\PROGRA~2\Zona\License_ru.rtf	138918~1.EXE
File created	C:\PROGRA~2\Zona\License_uk.rtf	138918~1.EXE
File created	C:\PROGRA~2\Zona\License_en.rtf	138918~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2748	2492	1389181c929de3fd839b8d34457b2dc5.exe	18
PID 2492 wrote to memory of 2748	2492	1389181c929de3fd839b8d34457b2dc5.exe	18
PID 2492 wrote to memory of 2748	2492	1389181c929de3fd839b8d34457b2dc5.exe	18
PID 2492 wrote to memory of 2748	2492	1389181c929de3fd839b8d34457b2dc5.exe	18
PID 2492 wrote to memory of 2092	2492	1389181c929de3fd839b8d34457b2dc5.exe	20
PID 2492 wrote to memory of 2092	2492	1389181c929de3fd839b8d34457b2dc5.exe	20
PID 2492 wrote to memory of 2092	2492	1389181c929de3fd839b8d34457b2dc5.exe	20
PID 2492 wrote to memory of 2092	2492	1389181c929de3fd839b8d34457b2dc5.exe	20
PID 2492 wrote to memory of 2092	2492	1389181c929de3fd839b8d34457b2dc5.exe	20
PID 2492 wrote to memory of 2092	2492	1389181c929de3fd839b8d34457b2dc5.exe	20
PID 2492 wrote to memory of 2092	2492	1389181c929de3fd839b8d34457b2dc5.exe	20

C:\Users\Admin\AppData\Local\Temp\1389181c929de3fd839b8d34457b2dc5.exe
"C:\Users\Admin\AppData\Local\Temp\1389181c929de3fd839b8d34457b2dc5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2748
- C:\Users\Admin\AppData\Local\Temp\138918~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\138918~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
3de47be2ac558e8804aace0c546401f5

SHA1
1b9bee0182de98a6942b60c1a0c98f0eca24da5f

SHA256
30f67d9707615e046f97bc80341c39e5b506ed21130eb3ffe12288ccd93a5364

SHA512
8a2e867e7c3b1126128fe12bff6755db08eab23c933904ccc4bbb3bd9f01c3161528faefdff33a5d7d06a865d530e76cac30e00212540b351222a7f2ee922a9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
cec37d6557cc275e20b060fb98837eb3

SHA1
4bcdeb664e15bec780299cb089718dddc0ee2536

SHA256
6f038232de2a7424b4bf6a398ba805038d034716dd2f4a7a72ec36ff7193a319

SHA512
72eac21d9f840456e3c9183f43a289cdfd3553c5355dd959ff6d950f8f4c9182653ecb5b8d6efecbacf59220262af1b2180f87f8f27264990e14ff3d61545c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
010975f2c021f9be747ddcdc170ff64e

SHA1
558578505c6da5696cd4599ab23c62bc026a5549

SHA256
1b9e2e69e9894322a0230bef34afc677c0b45e4dc556421da6e7302cc9e0e46a

SHA512
1bb070fb3a446cf5cc307a7ddf1dfb542a9873517ec313bb9519c2d10e031dee4e307dd73e57b4072ade47942aee94ea2f6800e874924edcd96ef69e1395a62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
3ac1a1aa302c5e003e6d5ea42f583b09

SHA1
aa5ad86a7e4ac605b43577906ba6b496497ce1b5

SHA256
c236045aa3f88299e2c6a2481845569fd2fdef8b8f5b500673182fe4e8efbdc1

SHA512
f3773e6da6483f3df511df84f571ab789486f8050b795b92b4320f039a6a127bea5a169898b677311aa8b1f92105824d72203cb41fdaee35b9a874f6ef645edd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
e9f4768579bf31ca24c9b594bf4d108f

SHA1
b78b8a2c1f9229ef664bbbca0aa455a6c9b890a8

SHA256
2552a021bc0a554e845e52bb988900aca4b72ba26e1094bdaa3389b7d7aaacdf

SHA512
e71726040bec6640275871aafb9693e51a325d6fdfbbbc762eb63b1e90a4323d7a7832de255f168e8e3033f2271657a4a0e69c2d0ffe04cb3aaf55e26b311be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
15238d3591064205ce0aff4f0d2c7240

SHA1
0861ca551675790915531b60dbcdd1f9e32fbf52

SHA256
16acf42b969e94cb6c940297db1fd00ec467f8436b6f6541d916fee1b4dc1f37

SHA512
fc98e98b08b43fb83e86afd2166aef64ed1b9c8628ae1ec404350da0e1ca11dcebe1c60344d42da1f9b96d9f8ba02cfb6fe0b7ae909eb90bf7b41d5ee9aa021b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
71e45971a740b7752f2da82c7dffcdfc

SHA1
8a82e5983347dbecfd89349fc0a366585cadb2fa

SHA256
8d152a50f4650014d91ff089a6e43359d8df31ddea63a03e672fd3c1af473a10

SHA512
85eed9360f5a5182febc7e5fee40db62b6d40fa2913c3e2a71222ae2ef35a7b0aee9641bd52a83e67d21cb2919d62eb16919f1cfb34931b0ff53854529de13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
0ba75d8bc59e75cd1301b2a402d04e98

SHA1
b33318212ba596821374d3856410318b89e17b8b

SHA256
f71c537ac66fb61bf8bedbe40768c8bc5f9bc92b1d34fedc7ec65f3a8cf48c3f

SHA512
a7fef2d3ec1479c593d95040549a86ff7f486b50863f428e0b677c5053992f92e999d6446b2d5287bab8013800c532688d449b8224235cec718890937ac3ead4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
ff769e09c1975d690dbf60ef05aa39cb

SHA1
3e3e3816b8e97f58a17d96b51b0b0230ebe826a5

SHA256
4bee870b88139696742ba968268f924ad4562bc343029fcfa3325b569cb4d44a

SHA512
f85ccd2bdebc8baa5a22d69df97844b673a218880f44db640463c529491ca0b0c2097691beee949ee7077fe62bf7394ae7c3b83ea8eb5928a804ba78dfa44ba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
38c06190b94db2615f8839a34f264e41

SHA1
2aea7b33f2f563cd0fb07c0f18ad4600a04417f2

SHA256
6321a520a917c2109091e8a8bfff4c2e9103a7b310c37a290c171a1cc786013e

SHA512
5b033cded120aa073532bc9e91c39459d2250d3c9ecd5abbeaa8ee8d65f57bc4272a1e9e25988ae6e70635f051208aac77314a68e3a98d55e720fdac0d447949

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
822f6fe1bb5bb7726403251265b23247

SHA1
0df6695c2a392b89a482f05b42562b977ce2ea5c

SHA256
d031b1b410ff4da044e2501de4eaf53978d97a347e2f0433beb83ca5394f97d4

SHA512
8652ab027394b7eddaa4a1d1659f9732697faa967270852a8346a48fe9d1c3c8b43259d93ddc621579c1777fec998d047ab1a30fa887a347777ce4980ae308bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
4c125da0fb0ad20c9ca87a5888c2c8b1

SHA1
2aab86255909cf425d51d57b82f89fd58c85c186

SHA256
e58d65e22a9c687bf65f4ff8746d4e410d417416929d77c6f631bc02bd788b0d

SHA512
36cec3ff05055fc3a50aba3927294a5045d801d29c8055eca253baa0ae0d1b3eedc74ebfc75b8a266468991d58061c0f256f5ef7879674e6259acf61477a0ed0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
e76072071e5e5af81061483b1863f649

SHA1
6f25e0462fe4a7153acb9b95b40d0c31727fd447

SHA256
6f437cbddbca6ff0cb3e5a25a4321782b41be481aee18ac14afc3a84715439c7

SHA512
c5206983a0341f80adb522903088f5c709ab4a1269cdc474a830d891eb7efa8c4b0fcc6da457ecd2ad9e24141559a93d397e18ebdea7156e085eb0923e60dfa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
f6ba0ec512c1ba6f0786e6a8af34fd1c

SHA1
58870d6dd6e0d1eaa0a85352db0105de9b7e775d

SHA256
f0d1d680c1b8f117bf15d812ff45f7705318e01c8c714127b2cf3b2ee59bfda6

SHA512
30e6bafdfd13762f703efd4ee4a4692df1755a2bd47fcb0cea21546a44508b3d4b313da01b7ee9502ac975acdc5b9885e37aa55f9eae6d2c7519ebb9d2a1d6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
77a9fcb3034e29796bf3f63fd226dd50

SHA1
dcea276e50ae24792d93ae0a8920762fc35084ec

SHA256
623e2db8c1a1f5e1b6d863ad66e88c031a81b98e08e20ec8a1d0f3775caecbca

SHA512
2352990c359b61fdbd7bb4f415eeaad4212be520f972c545ca7e68b51161f492630643da06a07fb9cd1960067b9680613d656709c5aa643637d33c017b09186d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
2d9b391163414e9d8a3fb8a6708d13c7

SHA1
297c884ede6af522c06893e501cb1779c074589a

SHA256
c4d3dcfcf298687cbf075d2c0866e6746a2a55a81658f7cc238feb4b2b9f6189

SHA512
d22af21f0d045638fd6c96d70439dc52cc54b37e79713d31ae464d4ad09480996a557e2536907e3b4eac5784904cb307a16d32a7fcd96b0dd1b4add838ad4460

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
f7d92c80bef97c256259f751efc47dd4

SHA1
9287cf1946590de2325004d8ae937f1271c25a05

SHA256
695597bfa613928d6757939c9e4cb7de2afb34fcbbe6a57a8c6508a1a91054f3

SHA512
6f9d5f32082b067c52067bf6165b3ff44557cc50d251f8a493b50382012f0f8a9e87ba50ab475ac3e22f5be179e0f18e58700ab2c8f350084660137911757644

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
776fecd0ab1d6d11c86334a2a74c4d8b

SHA1
a9416a0170d45839075f6312fe5cb2ac1b7f9d7b

SHA256
1f8bab3f63fd556241cd305818b5ec1d0f03c9f601f48dcee7eef251cd74737f

SHA512
932343802cc39e0c3be37aaf3d53b5643e7f395e1b7b8c685adad661e0d645bd142f2872a6308ce62ece8703bf48572138d8776ab6cb10f443cdbae1db9feb71

Download Submit
memory/2092-141-0x0000000000E00000-0x0000000000E9E000-memory.dmp

Filesize
632KB

Download
memory/2492-140-0x0000000000E00000-0x0000000000E9E000-memory.dmp

Filesize
632KB

Download
memory/2492-0-0x0000000000E00000-0x0000000000E9E000-memory.dmp

Filesize
632KB

Download
memory/2492-45-0x0000000002D60000-0x0000000002DFE000-memory.dmp

Filesize
632KB

Download
memory/2492-46-0x0000000002D60000-0x0000000002DFE000-memory.dmp

Filesize
632KB

Download
memory/2492-211-0x0000000002D60000-0x0000000002DFE000-memory.dmp

Filesize
632KB

Download