336d05b9ee5df325b5e5d8333e6281d9924b106335a27bd8c9fc6ad80af2cba1

Analysis

max time kernel
151s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13b499ecd907df97c466305ffc25e1b5.exe
Size

227KB
MD5

13b499ecd907df97c466305ffc25e1b5
SHA1

ddfb29c024c0353aff7e4e4dffa625bff28cc3c3
SHA256

336d05b9ee5df325b5e5d8333e6281d9924b106335a27bd8c9fc6ad80af2cba1
SHA512

5d1ac540982ea8f697313fa160fb68dd111f00cec53aad966e40cbfb9ef496cdaeb3e27072f12a5c8cfbd691d16f3c8ed9ea31a781f891ad5ee71f9b86a897a3
SSDEEP

6144:aifApVMqplDf/h5O/lBC8+2hyDRlX7llrnz2P4t8oSRVNP:tfk6kDqHw2hmxlrz2HoSRH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2200-0-0x0000000000D70000-0x0000000000E0E000-memory.dmp	upx
behavioral1/memory/2636-46-0x0000000000D70000-0x0000000000E0E000-memory.dmp	upx
behavioral1/memory/2200-133-0x0000000000D70000-0x0000000000E0E000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\License_uk.rtf	13B499~1.EXE
File created	C:\PROGRA~2\Zona\License_en.rtf	13B499~1.EXE
File created	C:\PROGRA~2\Zona\utils.jar	13B499~1.EXE
File created	C:\PROGRA~2\Zona\License_ru.rtf	13B499~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2016	2200	13b499ecd907df97c466305ffc25e1b5.exe	27
PID 2200 wrote to memory of 2016	2200	13b499ecd907df97c466305ffc25e1b5.exe	27
PID 2200 wrote to memory of 2016	2200	13b499ecd907df97c466305ffc25e1b5.exe	27
PID 2200 wrote to memory of 2016	2200	13b499ecd907df97c466305ffc25e1b5.exe	27
PID 2200 wrote to memory of 2636	2200	13b499ecd907df97c466305ffc25e1b5.exe	31
PID 2200 wrote to memory of 2636	2200	13b499ecd907df97c466305ffc25e1b5.exe	31
PID 2200 wrote to memory of 2636	2200	13b499ecd907df97c466305ffc25e1b5.exe	31
PID 2200 wrote to memory of 2636	2200	13b499ecd907df97c466305ffc25e1b5.exe	31
PID 2200 wrote to memory of 2636	2200	13b499ecd907df97c466305ffc25e1b5.exe	31
PID 2200 wrote to memory of 2636	2200	13b499ecd907df97c466305ffc25e1b5.exe	31
PID 2200 wrote to memory of 2636	2200	13b499ecd907df97c466305ffc25e1b5.exe	31

C:\Users\Admin\AppData\Local\Temp\13b499ecd907df97c466305ffc25e1b5.exe
"C:\Users\Admin\AppData\Local\Temp\13b499ecd907df97c466305ffc25e1b5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2016
- C:\Users\Admin\AppData\Local\Temp\13B499~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\13B499~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
1183d566c6330c49ea1ed291b5c366d5

SHA1
5eac577b08a132c60a626e8cffd549ccd7166399

SHA256
01499c616f9bd80ca163eeac9f2231364f3ba0c9c51b2af8867650edbb85d8d3

SHA512
55171f5006c6458390b614d2b0f6bb291ceef8850b6ed0f56fc96097fa7127e9f7b620d8baa7acd2f91ce100df7c3cf48436d19699c83fdd191b01c4c9c2ed78

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
7a1a8fa2309fed7f8a3ab307c00e0063

SHA1
c6f3c92fa87aa772b70eff1ded9cf979688031a7

SHA256
18c1b6605ca19fa41b2330e5ffa8084a6fa042db28599e3cff33679b1be57182

SHA512
e0d96b8d341b8e927635753a06f83d4e4937a4dac319f08eea21c5aa48f4276618bf8fe8c3fea3ae7b112158a99cf098af04c153e864e28fb319b62a2386c861

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
6056b1b2bb7233894b3f7d1486cae0a0

SHA1
1b4e3d19f080fa7735c8abd811a4bbb64a41093d

SHA256
3f2100d3043e4cb297449a190efb04befc54cb458f382be7a5efd57d728b31a6

SHA512
84f4f869fd1cf58b711b417625f584829723509a7de23c8fe2c82b82564ecb6036ee7ebfacb3195fae1c031a6f7e7c7f06712f07b6b32c08ba4c6e9cf0abbce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
7b35c9020951d20afbe9e4f91945ffaa

SHA1
bfbece64cbf7c64e27955ae132d4067dbc009778

SHA256
7d8627abdeec00e5bbfcba3d232e2b10e10d7c6fc1b6e98e571c7a66487f479d

SHA512
9e93f636c6b543e989f18a80a7ff1ae51cd08620ecc040fa3b3c2d7cef25afd8b8a2656cdd549c77c05dc9b2076308cbaa657899cafa70416e804a0ed93bead8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
f845e6221e7144efc9cbe6c1a06a4aa3

SHA1
27bdfed3060d21b83987e41b14cca7a8e654654e

SHA256
cfa5a6d0fa1d4d64de2778e42ba9b887ebe9630f97160390dcf37de9bf410f99

SHA512
d78679a622293bae6c072c69fbebdfbfac9a342be2ef8d3569368de7964c5e6b17242110d94337ad2ef81de98356878dcfd3c0f73b068a42e3cc1bcad54b3803

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
e2a7bc6fb872280f571b74f1f1c8bca5

SHA1
6aa865c190eaec40c95756158d84da29071c2ba0

SHA256
ddf82ed99698d40da12d844727bc83f34fff201f35f677d0a28e8f5be266f336

SHA512
662ddd5a89134d7abadd604e7f1ab0a87dc5a52a30692e6511f2fec53039d6a31f8b4d8fa66ad3677762da3a69b65a70808f40093318fbc8c8285a7dc484f39f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
c86ebf320732662e522cdd8001b3a1ea

SHA1
013698fc59a1ad14a645c16731e05a28d9522e8d

SHA256
7098fe04d17c187004e8011da8a503e1c07a5512d1d4432d0e2d4ac96e34734a

SHA512
10d1be20a8a1c9be6111c00e5d9b213da792c0bbf8f688f163136b190cad71991adaa7c78d7a05703cb0465889c51746a6bdc3f3dad1ebe295ea698d54f07677

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
14KB

MD5
26e0d07ec5a850fc3203efda78bc16a6

SHA1
c9a0415b98d26c89914f775122d9aafeec629973

SHA256
a7dfa403caf09f69ca231187d89dad2ef5e605c4a1a043086e997d67f38cb0c4

SHA512
a5c2db51ef6ea9346263241c19b1da18321da228f43189eb64c1931abf02de3650a553ca0b69e4aa3b9dc9431869fda52760c309ffd2c7dbd8f187d3243aee1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
2KB

MD5
14ec40d42e7ad619a561b7e2771c1aeb

SHA1
b49f8bd808c0344091f02978b16b1cf12fe70966

SHA256
c99d3ced3acc3bfb0a8606b7d21ce77eac888af2468cf3249998470677429912

SHA512
a88e5bb6fa47781ef0d32f4ea773bd3d07cf41885e46c035b61a10ef4aa26cf7ff68d3c7f02080c6d6455ec924d37b2d04767e88fd7909f317d4cceed3cc4339

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
ec8aa24babf355c7bde03805e5623dc0

SHA1
88f50e78f2aba239db119107f4fb582463c1dd91

SHA256
2f98bfd57bebbe5a577897cefff3a07dd5c21958b66f1c3443730f84cd9ad2a7

SHA512
2673b36908caae19d4cd7b4c9814e176f9a17c76bd957733c19989d13b913429ff96cbb2fc4064aa618c0e2144c8d1056a57c1adc64c209a061afd7538a5b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
be3d12e03c1bd5fe809870bbcbd12366

SHA1
04876ae5605fd5556f5c59107f013b43d1d24550

SHA256
663741a9ea79947293a1a488db71170182e8de44d79c7b38139ac41645f89120

SHA512
a9aee1033f490dde3c06fb47738649c469dea9802a2aadaf1f552e8e947807477669a40a115eec4f810bb1cf60f714f70e06ace047af35a13e3f7ed22c7aab6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
6eb6eda51632b93c5ab94a3e4aaee9c1

SHA1
c7abeff571ca8150be3694d912e236a6b63a886b

SHA256
885d65f17399476ba8f7ffd066ea3b2e50796a8fd1c2a5f82b1a751f915de66d

SHA512
11a187d54325a49dbd63cd39b8c4b02d50721a5fe3694dd8165974d4ca1a92172122cfda1d8649e2e04add9b844ee129f67d96a986a72524e79034f893a02fa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
e2603a1fb58c9cb0923a152b3b9069fb

SHA1
42ea9e390236df73f6edd8291a733aad161d8595

SHA256
f567617ffd69dc316785ded22cc438610852eac147fc639b4f687bcf71bfc269

SHA512
0e4f29d1895e7614ac4bd4f5dc72bfb20e6e9b676701d5fec07dc344f61c7c85b4601f7190f17cfb5050b08f4d464acaa6075f4d19c0137cec67e6d141a2e7de

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
a673afb6bb8b8f8aca2eb92ff18497b4

SHA1
efdab4e210926db2ab3e88f71a817e88b5943a32

SHA256
a7b3e4e6e9e3e0571bb6ee4ee27dc32d23a69a922250d695cf48fdad4365b0e3

SHA512
2bad20caff111f8f223ccc3b592ece9eb631ddc6b16cca6cf15343253ff0b8deb3f84937ca2bca6fd7f509d8505167894a791a2360cab0e9a67c3d37b19a3a95

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
8471e0691c27c5fc2608fc65a936f4ab

SHA1
f2a2f068d155bae5f44cb085eca969a9732a9443

SHA256
1cf9fd3fe4b4d481bd34c6bceb91fbdc8a2590cd3d13a45946b76d2aeaf5c996

SHA512
6698d639dfd30772c2c27925be6aa58577ad21286adcae3288f081062395823aab84432c0d605320dddbd3986347b097f901fcefa468a94a69149f3589308df3

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133485917311396000jre_packed.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/2200-133-0x0000000000D70000-0x0000000000E0E000-memory.dmp

Filesize
632KB

Download
memory/2200-0-0x0000000000D70000-0x0000000000E0E000-memory.dmp

Filesize
632KB

Download
memory/2200-45-0x0000000003700000-0x000000000379E000-memory.dmp

Filesize
632KB

Download
memory/2636-46-0x0000000000D70000-0x0000000000E0E000-memory.dmp

Filesize
632KB

Download