046b8f2d77949e94a1d3d8a2aa3a9cff0a6aba0f664555e420318ec3c125b355

Analysis

max time kernel
7s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

499972f4f129ae52427714b81a2c2492.exe
Size

227KB
MD5

499972f4f129ae52427714b81a2c2492
SHA1

41bf4f9ccb3eaa173368ae7c53c42242daa47092
SHA256

046b8f2d77949e94a1d3d8a2aa3a9cff0a6aba0f664555e420318ec3c125b355
SHA512

7c33fe9ef3c21e882897c38b34961c46702cbda18bfab60cd9877235c59f9e458f0ce51b56e88f2454820331a83b387fc63e3c9009a3f28055dcb25a592fd592
SSDEEP

6144:Rp4wdZ3t4A6M2kwp+E4tEZw7BkJgSoS3VB/:Rp4wj3t9B7wp+1+w7NSoS3f

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4320-0-0x0000000000700000-0x000000000079E000-memory.dmp	upx
behavioral2/memory/4320-167-0x0000000000700000-0x000000000079E000-memory.dmp	upx
behavioral2/memory/4252-172-0x0000000000700000-0x000000000079E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4320 wrote to memory of 3020	4320	499972f4f129ae52427714b81a2c2492.exe	20
PID 4320 wrote to memory of 3020	4320	499972f4f129ae52427714b81a2c2492.exe	20
PID 4320 wrote to memory of 3020	4320	499972f4f129ae52427714b81a2c2492.exe	20

C:\Users\Admin\AppData\Local\Temp\499972f4f129ae52427714b81a2c2492.exe
"C:\Users\Admin\AppData\Local\Temp\499972f4f129ae52427714b81a2c2492.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:3020
- C:\Users\Admin\AppData\Local\Temp\499972~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\499972~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  PID:4252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
e53023c5686f48aac3548e9010b78019

SHA1
fcb37103fabb390edb6d13ee2967a7541988eb68

SHA256
6767be7997624d02c00d6fd74b27a2cfe158f90695d3df0b6e3679ba005bf9ea

SHA512
33bd2550ebfb37dc422d5257d7fbd7e51d0f96f9013ad86ea303f0fa658c67c69b1de96fdba49cbcd81a04e0ab594ea0e7ecf3fb14f8a106d198e74800fb0460

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
66b254b418efea88173434296f6f4298

SHA1
66923fdd3b70f7c426961985d6b23dd966fcabbb

SHA256
97c19e80f619253c381d072afe17124e58a5f139a25503d8aeb45f42ee3697db

SHA512
823714ee088370c55d8f89e73178e01ef1457e50e647f156d2ea6f25691568f3789df57f9c376d8836c378eec9372995898b8a206e915a085fd5c60b80038cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
e2093cc8e8fde4869c8a82ec33b5fc6c

SHA1
a1b562c900030a0fea96467bf543d7a7e9667130

SHA256
40a2da31a4ebd7854c0b773daebefa48e7a8d2d2573587b221f56ed4dfe5e095

SHA512
70cbeb447b101ae8c35ed3d025a9ff14e7f0c4a8c5d232586c9b1dd68786f35791519dee2936cfd102873504ec6456efdfcf1ea54a942f45895c523e0af474ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
501794ce561f3120ec1403cae788dcbc

SHA1
a2f9425b29c3f13a546627eeeca24c0ebbaf86de

SHA256
a66a2024f95ae30259d557a8f89ae46a74812d162419d9510ff5ada57f9798d4

SHA512
e28dac0f79e3f4c0cf4b0025072d07f1370ed321dba6af1892a8c42be18d16ad34a3de3fcd183c87b79da84a825d96eef017ecac6f1c5c12275549639c44ab29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
d6aa07403265cd55695c0680300eaa7a

SHA1
29e1e36cd7af660b1a6a1a7dc398cdbbaaea8586

SHA256
e5c43fc77cf2a3813fdf5fa27dab2277a68002f69c589843ecf7a3124e0c2947

SHA512
b42fed85121b237e0e3896aaf7975ef90af3dc39bab8d697dba608ca1db9cc111c036700fe2c300e8fb91c3ef5213a685211fd960dcb228708429743c769b3de

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
77df58195371f647a7e11083c29f1cd9

SHA1
7aec75f3007a974a033ca5c50a325fa9c95621ca

SHA256
ed701ce9bf9bf97023b9efee38969670cabd9761f839f4e9ea2037e67ddb7a0f

SHA512
1125ef753b7f1f0eb74760c8e9f4d0fb1073b3ded67aefe5032e881e25f6a4dbe8b14d8391ad7c1d8cab3b7b47f65a5d2210ec7491353761a9cb5207408296a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
5fc20f2b5b89156ca6279d821e76dcac

SHA1
dc46f5b4111766d5db9b6c59b7365b5c64db91d0

SHA256
541db96f29509fe6e30d91804c943596e6acaf3c6700369dd9e9ba4747383d62

SHA512
9a971f202f5de43cc3f0fd64ea8544f99de3bd275854910a60ce03aa173293089164c86faed1df92d17e377311acee566643c439010b7f96d486208da780f628

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
0d8b1ac7a525635edb7db668cc02f38b

SHA1
fdca73ef454d128a61b2d9f6aba61b7fdc007b4c

SHA256
f727d1ff80bc395ad6e0295a8ea2c238405bc4b252e9810357bc02f9bf487966

SHA512
0a4853604f539cb889a20c39a2e8e7f9e1d26d654277051225743f04b325af5abad8a5a74b29c600f32b3e5a7f8596ff4068e5ddd6dcc85f0d81b22b7dd04c0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
594B

MD5
c550f2622b3715dd3cc80a97debc9e29

SHA1
33ca03c34551c196d783010c5b48bfd913cb20a8

SHA256
5ca4e13df474b8976f4affb34149b9f8b439870829dd8b6b1086f4bcb14305c9

SHA512
09fe53979ca35cd4aaa51379c69b30f8363241834e848fade221e1c8de1255f0e1b5e52daa4e4e832797bff815283bbba113e5bd9fdfa0c1b6971db0a842e8e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
ce1904b453d4df42221d4bde98f0e0ee

SHA1
2df45cd5460cc20c94651969127621c058fd2368

SHA256
d5b58048809769d7a841482d562639bf6b4d05adb972d0c5bd01e3caf492531d

SHA512
886e1a8c9e32f2dc85d976a5ff11a6e0c4eb566795e49c93ef28d9a2d00c568283ed45e7ee471fba65181ccdbf13f28d2dd382ab4b121446c844e93044a2b918

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
dece5b254f720d41910c73513157313f

SHA1
93343bd41d3906b7346db5f8899348953548ba09

SHA256
627f6a3559bb83487373b0758b8ca64f96758787c7631278e05dec53bc3d8e91

SHA512
3a5040c561af1b2ce68d40448441b684e8d7d9b1aafc96b91035209e3f44a4549b42d1b5a01232c12d39851ecc364dc2a6d5b0de9b15ca5b2bfb83d04793e890

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133481194236580256javaSetup.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/4252-172-0x0000000000700000-0x000000000079E000-memory.dmp

Filesize
632KB

Download
memory/4320-167-0x0000000000700000-0x000000000079E000-memory.dmp

Filesize
632KB

Download
memory/4320-0-0x0000000000700000-0x000000000079E000-memory.dmp

Filesize
632KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads