Analysis

  • max time kernel
    165s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/12/2023, 11:51

General

  • Target

    1c22d18339f7472d8d1850f4c219e6e6.exe

  • Size

    227KB

  • MD5

    1c22d18339f7472d8d1850f4c219e6e6

  • SHA1

    a3fc89bac4e4c61395a18452f610fb727b00810f

  • SHA256

    1583f826540819b2b44e947ba50f55a453ba8e8593d713c123b147a64c5e0f56

  • SHA512

    3cfe8029bd3b5aa007285b81472ae7030da6bc0f5a675df742dca69bbd7f3004737b15217b323bc27b8df5df2f21ef316133232deea7e2cc5f6f60426811f053

  • SSDEEP

    6144:Od/oKyhlMI4s9hs9gqt8sHE8Ywe3Mox+pqoSSV11:OJhlsnstn+LroSSl

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file (5 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (4 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c22d18339f7472d8d1850f4c219e6e6.exe (PID 2712)
    Command line: "C:\Users\Admin\AppData\Local\Temp\1c22d18339f7472d8d1850f4c219e6e6.exe"
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\cscript.exe (PID 4044, child of 2712)
      Command line: cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
    • C:\Users\Admin\AppData\Local\Temp\1c22d18339f7472d8d1850f4c219e6e6.exe (PID 3572, child of 2712)
      Command line: "C:\Users\Admin\AppData\Local\Temp\1c22d18339f7472d8d1850f4c219e6e6.exe" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
      • Drops file in Program Files directory

Network

Downloads

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            10KB

            MD5

            e50a561b26c54fc60fc9cfb87cd979bb

            SHA1

            a102b33a9af7b5db65c40e7e6a0cdf0a667cb5e7

            SHA256

            8e3c7754886fa698c8c5322dde49903ee63f807dda664790ec0cd7ca9daea3ab

            SHA512

            4de1117db60e3006bd49074f984cbf00ed5b963fc6ab450cb50648af20105c99f4436329b8b9f2deab95b831cbe40c1b23396fbd80557647fa5180514a7d3d91

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            11KB

            MD5

            0468836531ab387992b8fba576d90c65

            SHA1

            edd04461d0c2453b1249e78639c87f76d86ace1c

            SHA256

            06d87b0930216a498b2edac670a90de2419a4205bde48ef97f8fe4ae0ff3ae71

            SHA512

            a1584332089356d94a64e93a0459d71aecb046f04871eb7f0fe044ae7f830898fd9af88bc159f07c13486a09d8fb1a226b76077f405d58069a0eff5e25fb053c

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            11KB

            MD5

            53534178fb8b9e6b226a038bc319459f

            SHA1

            8344b8da9a811bb7d1e87e543e4e899dd0f295c4

            SHA256

            df8c0985b9ccdb4988e12a5cb40fefb878d695db42c91a8391bdd6298845ca5b

            SHA512

            33e907a6e2a859bc89777c3306011ddbda26cb71eb5c236f22725803c0ec4735c4d5f573bc792dfe38743f28e1311dd12099787300fc36682263fa29790d6c6c

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            13KB

            MD5

            2e581c41a267adcae409fbe5b006f388

            SHA1

            ac4cd740d51b528a39dc555f1928e777cf33ca73

            SHA256

            6966e5f7ba655b65d65750c52ebea8ef10148d9fca442c8912ef0a38a8c45ec9

            SHA512

            7bdee0d66a783ffd51ff038b64013ac7b245df78e85c0410f21c4f886e43c6587905be7036394dfad2ad01db5f7b966a2d9b5b54f359873612a9644eef398d0c

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            3540dca0fb4df5055c6da091f3131365

            SHA1

            9550c84c2cddcdb89e82f06ee49c5515d01a6d64

            SHA256

            bc466f8daaab7f6e81d745f0d310a1878381fd512c35a6ee37cbd217c07125a4

            SHA512

            8fa0610ee2f6d03537f2e7fc2ec1159f7c0d27823901d588fa3dbb5afbbfd7fbef41cd8bb993517f4abc950d287880a370a1c3efc3b65d1e0c448789acae9822

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            14KB

            MD5

            ccf1147fea978210e22c419a909158ba

            SHA1

            d86a2ccb83b3a01cee6f6b349957698bfb1adb3f

            SHA256

            8655c8de97397315b2a92059a4e6dc58317112ba85114f483c122e2ddf2837b9

            SHA512

            9d6578692c2a8de7c9ab57b8499c14004ef4baad8368f0eb2a60016f2efd45e9cda1921ef02ef45612a4d30cc0f7c495312241bc4b09cea96d4ce3028a69f3bf

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            15KB

            MD5

            69f0228354e90acc413e5ddb3fd41666

            SHA1

            2d59c0a30cf011201c97558d67fe05c16491f45d

            SHA256

            367420c1e477a713e807e19d1a2171540cf64a1786f057ca59bd2000326f9063

            SHA512

            decbf72c2c36b2040e63275d2d495be02b344712281520851bc35889986dc420a5c61417a6e8c7b7a43d5fc42df34297c34bd3e2d012c89a73eb42cd9a38aab1

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            1KB

            MD5

            65fb249128fdb11409efa33c74eae87b

            SHA1

            f1e1b5c0a83aac0bef2166002a9683c6b9bc3a3b

            SHA256

            c7c6be83b04f5cfd45274a51307f079eeb50bf574d61333dbd65978c352bded7

            SHA512

            6a69dd7d644a439f0a77446b39542858bfc30a9ce5a13401103b619d6f570b8fc9cbba31703ad6d25c9fe540a96832372e13638ec3ca94d6a03d4fe69bbc7fe8

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            16KB

            MD5

            0f2bff8015c36addaee92a5a2594ea36

            SHA1

            ac2085eaba2e9b3cdd1cba3061f454beaf67c439

            SHA256

            42fbc5a99946e97f4743db970461e322b01835b30e0f168bef6fa3df6304b28c

            SHA512

            a6b107fd4bad79ce03cb85a56c316b7c542937836d281e3ec724ec5149d0bdf104e0651c81c0bf5801d34bbf9fcab82da00b70805b7099357f13c2ebe407044e

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            5KB

            MD5

            e6cd134fbb26ef738771ca209cf5915c

            SHA1

            98e2b033f2262b1d3f6a1c8dfa8a78336f1712ea

            SHA256

            7d5b8195ff96a6630df9f5969e0d171a1355b256e076e3bd3447113e8d5189f8

            SHA512

            a845cfff31b5b390ac8eebf0a997ee4117c5c87bc346088cb90930841b7e6fc55754be53862609461306a32576db6f5b0e5c9fe9e02defcb317d43019bc57758

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            5KB

            MD5

            42bb71575e060847b12961be886c3014

            SHA1

            c16bfeabd45ae08c9cea9f1e21d76465c5298f46

            SHA256

            98e14fc2c215eeed1a0af8cdc2e3a7a873da1eb3ca426a593a92a34a8c3b32e5

            SHA512

            afdfc6d09aaecc2d259aa11b75f8537ea2f1171c2089b117faa6990b16d543536daab6340b676abeafbd3687be63a45940524742dbaf1160094e9218e3fe7c49

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            5KB

            MD5

            9f2b63cd9cc0c75de249e76e40b30451

            SHA1

            1ff37653abad3d81f478de005881fa00c3a693f7

            SHA256

            e01c6213f4079f994f9350558d64fc9cb837555b52133b50460af2691a28dde8

            SHA512

            23b62eb01f33bfe36ec094a7b5055e6c09eb2e59c799d19f360c0975c7bcae80625ed21197005b6b4f2a819a44246b06f48ec0f38f0511af7bef9589c8e83d9c

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            6KB

            MD5

            51ab946f817b435234dd23ac1fcc42f5

            SHA1

            0ef10a6c3708669506135f7333044c433da26f71

            SHA256

            5fb33b2b14f7d57ca57e801cde5adfe25ce6b2e8003fc9db42570aaf9e8d2500

            SHA512

            72db87f76ac1d0b289db97c35b4fa82ad7bc9bd1fb1dc599bddf45e34560dfd15449121d81ce0183ac80479987114e869471d503535ac394d3043d467f83294c

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            7KB

            MD5

            f6afb2179056f998e2160f960f8e9659

            SHA1

            fdc38483377ff2e370bc16e048aa49595080fc1f

            SHA256

            a9072b1331d7888ebd315e0982a59e2dc5df5d4176f712d0ab53917fc753f100

            SHA512

            df606b9b7d64ac06510602584d70ca62fbed7443d46c89d43e0957a6fdddad68607bf73daf0ffccdfef7e9d9c66c49447566bffdd346598de792fe62b52e7f2a

          • C:\Users\Admin\AppData\Local\Temp\hd.vbs

            Filesize

            245B

            MD5

            d8682d715a652f994dca50509fd09669

            SHA1

            bb03cf242964028b5d9183812ed8b04de9d55c6e

            SHA256

            4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

            SHA512

            eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

          • memory/2712-99-0x00000000004F0000-0x000000000058E000-memory.dmp

            Filesize

            632KB

          • memory/2712-98-0x00000000004F0000-0x000000000058E000-memory.dmp

            Filesize

            632KB

          • memory/2712-0-0x00000000004F0000-0x000000000058E000-memory.dmp

            Filesize

            632KB

          • memory/2712-14-0x00000000004F0000-0x000000000058E000-memory.dmp

            Filesize

            632KB

          • memory/3572-103-0x00000000004F0000-0x000000000058E000-memory.dmp

            Filesize

            632KB