Overview

overview

7

Static

static

7

0dbdbbb2e8...e9.exe

windows7-x64

7

0dbdbbb2e8...e9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 04:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0dbdbbb2e81df5f39dff184bd94464e9.exe

  • Size

    227KB

  • MD5

    0dbdbbb2e81df5f39dff184bd94464e9

  • SHA1

    c6fa3f05eb9fab7df4ba10d3658275a7a8692d6c

  • SHA256

    16c2715fc0c9d47274cfeaaf8a9017883c2696be4975634be18e265db6badf40

  • SHA512

    705d8753d8f34c2d7affa815a217c6c44b31ea97862573623ec5f07830a1f24f0d46b2529a47705c8df341097d279f4162fa372ccbf43cc29d356b35105c1a48

  • SSDEEP

    6144:aifApVMqplDf/h5O/lBC8+2hyDRlX7llrnz2P4t8oSRVYc:tfk6kDqHw2hmxlrz2HoSRr

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0dbdbbb2e81df5f39dff184bd94464e9.exe
    "C:\Users\Admin\AppData\Local\Temp\0dbdbbb2e81df5f39dff184bd94464e9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4768
    • C:\Users\Admin\AppData\Local\Temp\0DBDBB~1.EXE
      "C:\Users\Admin\AppData\Local\Temp\0DBDBB~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
      2⤵
        PID:1280
      • C:\Windows\SysWOW64\cscript.exe
        cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
        2⤵
          PID:2248

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        2KB

        MD5

        6a2149868b45b6848dbe7e88dfbc8c56

        SHA1

        2e1365ca2f938f6a444e6fd6c45b224bbb5a4850

        SHA256

        98bf80bf1d953b9e9e42a0fe4d2ec7bec7611e86a0535f723cb2ac71cad33a34

        SHA512

        ed9a59b33873e5bdb3128a86b7cc6fcd92c1996dd93909fa957e510b404c68d9b98a841124936cd47946d729f08250616217731d6edd23255a297566e46e2c01

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        609B

        MD5

        8e22e8d7e48847388f95b24d0a647c2a

        SHA1

        3cbd2762309b98ad2fc378cafcc4171602089412

        SHA256

        29aa844c01555ef568f09a478fa81cec0b0590a1aade34cc9d7752f558f613e0

        SHA512

        a4217c6cbcf7bc7f389ee0c8b5e02da139bd2af5158ecdc2842cdcaeacb2e7f577796e779754ac4b00af0f8e92269389c6651ff277f10e81903c82d8cca19a6f

        Download Submit

      • memory/1280-45-0x00000000001A0000-0x000000000023E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/1280-191-0x00000000001A0000-0x000000000023E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/4768-0-0x00000000001A0000-0x000000000023E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/4768-166-0x00000000001A0000-0x000000000023E000-memory.dmp

        Filesize

        632KB

        Download