1119734cc864c8cc7fe743f8156f0ee1d41e194106aad72749ccd2f9feb392b2

Analysis

max time kernel
144s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7736cb8173b75debc546b711580f2489.exe
Size

227KB
MD5

7736cb8173b75debc546b711580f2489
SHA1

9f9a18e7c0d7ab949612ebecf9b85fbbf05ee78e
SHA256

1119734cc864c8cc7fe743f8156f0ee1d41e194106aad72749ccd2f9feb392b2
SHA512

b0c0f05b46304a62711e917bcb3d2bf3894a0f4ace408761d58662e77fa26740d7ed9172df79fc73ea577b89520f7d28fb733fa7951f9fcbc9c42304fff8e5bf
SSDEEP

6144:CifApVMqplDf/h5O/lBC8+2hyDRlX7llrnz2P4t8oSRVa9:Vfk6kDqHw2hmxlrz2HoSRU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/284-0-0x00000000000F0000-0x000000000018E000-memory.dmp	upx
behavioral1/memory/1740-42-0x00000000000F0000-0x000000000018E000-memory.dmp	upx
behavioral1/memory/284-106-0x00000000000F0000-0x000000000018E000-memory.dmp	upx
behavioral1/memory/1740-107-0x00000000000F0000-0x000000000018E000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\utils.jar	7736CB~1.EXE
File created	C:\PROGRA~2\Zona\License_ru.rtf	7736CB~1.EXE
File created	C:\PROGRA~2\Zona\License_uk.rtf	7736CB~1.EXE
File created	C:\PROGRA~2\Zona\License_en.rtf	7736CB~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 284 wrote to memory of 2780	284	7736cb8173b75debc546b711580f2489.exe	29
PID 284 wrote to memory of 2780	284	7736cb8173b75debc546b711580f2489.exe	29
PID 284 wrote to memory of 2780	284	7736cb8173b75debc546b711580f2489.exe	29
PID 284 wrote to memory of 2780	284	7736cb8173b75debc546b711580f2489.exe	29
PID 284 wrote to memory of 1740	284	7736cb8173b75debc546b711580f2489.exe	31
PID 284 wrote to memory of 1740	284	7736cb8173b75debc546b711580f2489.exe	31
PID 284 wrote to memory of 1740	284	7736cb8173b75debc546b711580f2489.exe	31
PID 284 wrote to memory of 1740	284	7736cb8173b75debc546b711580f2489.exe	31
PID 284 wrote to memory of 1740	284	7736cb8173b75debc546b711580f2489.exe	31
PID 284 wrote to memory of 1740	284	7736cb8173b75debc546b711580f2489.exe	31
PID 284 wrote to memory of 1740	284	7736cb8173b75debc546b711580f2489.exe	31

C:\Users\Admin\AppData\Local\Temp\7736cb8173b75debc546b711580f2489.exe
"C:\Users\Admin\AppData\Local\Temp\7736cb8173b75debc546b711580f2489.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:284
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2780
- C:\Users\Admin\AppData\Local\Temp\7736CB~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\7736CB~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
803b3467747d5dbda41e02aaca1e5cc1

SHA1
253b9298cff3fe8a02d776010e1c8cdc40d85125

SHA256
dc68a8e8ff3167c74eabf06f97ea59457bd522029d9e881ed2785271024151a4

SHA512
48876c0d1a5729800cee25644f3cd743952af6ff0f324d27f95bcec7cfd98327e85acb1e2805c601501e8aebce356ed57043a1da6ec2134631664a042ba8c6b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
2e84a8ebd1cf7c953ff2184b34b8bc74

SHA1
ba4932a7bba81759180d0d4cdffe9070bd0ad487

SHA256
beb13b771c17beec5d047070dfe5511163269c0d9c50d84118d1d57c991b9ec8

SHA512
4623e7cc40347d47c61325259bc247ad865ff324a7d2b0f3d9b7f2c525eff0c141dded4db624e7f2dfe856a8c34e09614508497273b5bbd96422f0db31697d1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
ff9551f15db0303e850a067123800994

SHA1
7a97e1ba150e06271062c382e89fee08705eb4a8

SHA256
a067bb9f3ecf7773c72b2fb6a1563b6a5294eaf55a22ed8e7367d29d17c58382

SHA512
74c8496c4777c328c96e58c61534fe416a0d2dcae2658b3a19f5ab8dec098b131fb92ad763e0875a08103b28bf652fa39ea3ccb92b7a1dc9f7d638bacd7b23d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
e8f202e743bed7703cff18f8478fa03e

SHA1
795d14f8bf22e5a2a017096af31e59636c9e4d7f

SHA256
921aa3e906783b7395a12552d353dd613d9267e8261df50db9f3d6496fe3a7e2

SHA512
87f87f09ddbd16e71863a6700415dacb9c451d7727372c81fbe189c72c12a3abfd714d4f4fe5d306a5b3347b87cfc27e91381134d11800ab51ba2ad2b0fc4d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
6410a7950e4a580d5ed7ef6604e83b09

SHA1
69b3c3f051695fa0acf1396b936a1f6c4c869487

SHA256
a23d9c73cadb0376da730ebc2a5c1395534b2f0e5e75807bc587e1486f4fe085

SHA512
f8e87ec6b73f199624a2eadbde853303a766fe7eddbbb2e50186999598b95e2b5862d07cc1a4491a69f01f40a4e524d66e26983e12ae298e379cc88f5dc9e995

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
4cd6028423b4e2741eb7cf19d776f92f

SHA1
854e638e88829a3a0c2c2270172f9af463ce035c

SHA256
76236dbd775ed7ed5362963a3b671fefe22409d713111c405e2d41be409d0bcc

SHA512
a3fc9744e2ae89ec3d92c10c670e8df1f0b92c0b0bcd97a83c4d9139ec019525d04c420bc93117d426780825b54657f8f278edf47e00ca2d4d61f44d84d881e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
0fec49130766951e5e7ee4e799874ec6

SHA1
814b5e561ef185202834e97715099a135a63853b

SHA256
455b1afeaf7bb7fd1dc13b4047a1686ef2a02c7ff83846146862e904c5c8dcdd

SHA512
a9cce6050db410289d8c2690c58122e036dbdad90625599b40b144e68917b49dd6a43d4ba2ccc835513ff27b5b6be01647acc53875ae85f23d890ca11003a4a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
e5e6e43355926b4dff6a10bbec76b79b

SHA1
972f2664f4123406d7c3f86128e31b20b21728d3

SHA256
457d4a3d51c915a3c0c07f7b2848e1cee0d920f1027d59c24ae6e8bd886ab2d9

SHA512
b62b2738f384f1badde225684e803a70542af5352c4eca6d848c9d201a7311fae6c3c1008446b942692c552d5b8e57a0900d5cbe21410963573003f90692d13b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
3af581df15c77854bb0382e8478e3421

SHA1
88d8f264ba04402c09e50fdd3d987bd14ac79db8

SHA256
832302b51b89543c285e834da972a2a5d36c2082f3cf0b5b898c0f476e10310e

SHA512
19f9d087184951115c488367be802aaf3e1c79c9be8fc9ecbda182f33486287ba03160f5f6b51dc801b833919f4ac6fc76e1c3d6d08c3b7315a984e778d02098

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
adba44254b61cc570999f67acc1f2cab

SHA1
9a55451e22ea7617512a5b52c94f33c5460d2465

SHA256
4dbc964681f81e1f4839c43f8c3511b9a7384fe6dc692f53f381494137ded599

SHA512
f3ecb35adfd5daa8c123fc70ad2174b4994acc0cffae8a897f144c06076142c15e0f95f9d82d575563715ffb5d6e9771dcb334c604b808688b12d4d5cc3ab321

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
27d1b968157b3c956be0914a571bac03

SHA1
47b0cd2ed4257673b2c4ce58d7d2a2b84d5fb75b

SHA256
84a54afedcd458abb5300ef1666c69e45ea2b25d63a4c298808d2366b27541d3

SHA512
7a83c6b000a84a522c38f1980bc16933cdfdec04c192de03c722b36e1b5e2be6b9beb0c2dcefe739ce79ec96740a35fca192e7df1ecfbca9984d5b5a4b2194ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
52f552b547df4578691113d823ba2803

SHA1
efdb57c9dabf7c559ea8508a1db3f72cbc638e0c

SHA256
fc6a95b653d4e7b07e5eaf285c11ef68b4294c2c2e5960835ab44593f9accee0

SHA512
eaed47e08cabb333ab8c436c1a2696d243c91bc6a2719850200d9433f90f38b9938cb40147adf9e1d1a78085b10cf14b39b70db31c9f1ef09c96fbb6e6866e48

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
0d1cf724c72d721a25cfcfb618088b05

SHA1
7754b84f79ada5494adb1f9df591ae0f69603b9a

SHA256
71f77b647af6764ef5fea399b1cdc89cee7f5f0f28159a7574fca69f6ebad4e1

SHA512
dcdfe132ea58da4e6a12a7fa80089caefaca5ff6a330e62157a5b2e1d3486bf9b12beba46eb4c78cfe770da47922e1a6db7d65f390c921c0824d92780ee60641

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
d16977fbd1d5982c194a052031d08325

SHA1
0e695963335784c14274e2b3777a22c2a4258ccb

SHA256
b992edf47bcf7d0d6e06ceb5e86bb41a0e13a3199b3ba02f5feb1787dbd8ce39

SHA512
3fdfd50da8ef5d50b9b024943d5449be17bf85606bf0b2711021bfdd30894161591b0106b644c1f446fe2c6a678adba49805194f38b4ecf8602ed9575fe4de57

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
144d039b9a080cb3d936074ed16a6c71

SHA1
aa061186c909bf6d01d6c6b2917400c8875b42af

SHA256
b0211f2855046521509868aa5785befe3b4523d8a4aabfed9df0830c44e932c5

SHA512
e664cd164cc1362ecb3cbc25722916382cdd4a4aea9836a77bf579ec685a010bba1ab8f9785873fe054ce95538d6a4939967628f3a1dfd1eb1642f501a0fecae

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
a7d467192e06ba9ff1af965a567a4486

SHA1
7ec0ba0504ba0dae9ea5c43a0f84d994cdbb8e30

SHA256
f783fddd28b9fea437506f2036d2bfc4398ac017a088f62448cbf9822ad0961a

SHA512
e5bcf6b590fc3cae859365f31c202e5595d482d0effc87d10f56fc139b42a4513f13432858a6802cd5c730d314ea5c6f864ca4cd49f0bf4df7dc6fcab5cfb329

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
ef49af7311c5de793dc46a9f9d6e548f

SHA1
4268ce298c775cd3effc22558216df3d6ba0e92d

SHA256
da8e0fe25fa6e3e35f97f4a3875854dcefe92a02cc3e6d651cede27abd79ffdc

SHA512
e6608c300d7e9d9658b021d069df0c59b5714009b40d3941e90edfaec52b65586e23615670f06bc5ab3111e1ccf326bad8f485f61f349802483bee1d90843d5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
060ea480e3ce5f3a202b2a615517b68f

SHA1
e56d399716473c0e1de2bfdb488ff5d145785cf2

SHA256
78b521b5ddfb24bf51ea54fd5fd36a5ca03b501cec96a48c1fda02075e00f778

SHA512
d15f8e12f0611c34d37f5f3f302327d2a608f6ef11b46200faa406ee2952653f1f9cd845aa2680c131b506b31f4d47d43c4f6e912fb066d17ec2b10f54d40e73

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
1KB

MD5
2a30968ae0e12e9c574e1a475a0c3796

SHA1
863cd8e04dd23cbb63ba3a77a15d0e67adbb52a8

SHA256
2b925709f40ee7856db41487d246cefd4d4e87d30dbfb4bbafc478a3d56db80d

SHA512
098d2cf22b3bc0e66f8233bb016ce2f4838fd92e1d15628ec0c93db1787c1ba4144b98516b1f710102ad0eb15a457bcd0a2908c57257cb2d93ebdab237e51d6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
df923302ee9eaa941fed2d51217f1887

SHA1
d60bf548d0eca3cf0322ee40cfce06189b7a976c

SHA256
563ffe7f2960562d36470d2d64a1a5a1ca52c9d4df80976ad8c6f7c398bafdba

SHA512
33526247dcdf11bd289d054af938c57f2f7b3186cfdbd80b9b81c1e88db2f95a81836d93631234e4169c2367aa1ae7b7b113809f9430d00c75c8b8c1772a5a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133482037851200000jre_packed.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/284-148-0x00000000031C0000-0x000000000325E000-memory.dmp

Filesize
632KB

Download
memory/284-0-0x00000000000F0000-0x000000000018E000-memory.dmp

Filesize
632KB

Download
memory/284-147-0x00000000031C0000-0x000000000325E000-memory.dmp

Filesize
632KB

Download
memory/284-106-0x00000000000F0000-0x000000000018E000-memory.dmp

Filesize
632KB

Download
memory/284-41-0x00000000031C0000-0x000000000325E000-memory.dmp

Filesize
632KB

Download
memory/1740-107-0x00000000000F0000-0x000000000018E000-memory.dmp

Filesize
632KB

Download
memory/1740-42-0x00000000000F0000-0x000000000018E000-memory.dmp

Filesize
632KB

Download