Overview

overview

10

Static

static

3

0248d12043...a8.exe

windows7-x64

10

0248d12043...a8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 19:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0248d12043a89c5a09575b1ddb7cb1a8.exe

  • Size

    200KB

  • MD5

    0248d12043a89c5a09575b1ddb7cb1a8

  • SHA1

    9e1448c52ebf3058240c8e999135a89333042451

  • SHA256

    94401a60a965a84403aaff4e16f72c962258e627d77f647e0880a7db45822825

  • SHA512

    676b080d006fb9a6f5a437fe90e3d84e3b4e7d97d7441059cc021207c7daf6d512465b93ad3e8f0032f12d6c0a01c910686874dd588fdfa01608d521e1decf59

  • SSDEEP

    3072:9TtcstTstk/pSBAFtbCduLCADMcgg7keaO:xtcATstk/pp2ADMVC

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0248d12043a89c5a09575b1ddb7cb1a8.exe
    "C:\Users\Admin\AppData\Local\Temp\0248d12043a89c5a09575b1ddb7cb1a8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2996
    • C:\Users\Admin\zaode.exe
      "C:\Users\Admin\zaode.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\zaode.exe
    Filesize

    200KB

    MD5

    0338927af92ea6d6d23dbd5c11bf8c15

    SHA1

    06f311af00d2beec779a3d93faeff06e007695da

    SHA256

    f69a3804cede19053594d54cadce95a5b77a85008883509d3b38474d48f3dd31

    SHA512

    d9fd047ff1a1e3b8a097c8b2a437f2f31e30ef804f70eaaaffb9d831c8f48af60123e40c3d8a5e01d51654d553cc3679827a75e004cbbd61154f01e2a652d8cf

    Download Submit