06662e12a0f4acd03e02901b5e8da36bc4745e0aa2754f6694419320caaadb90

Analysis

max time kernel
143s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1802ec142f1b92d1c0887f5d048d27d7.exe
Size

227KB
MD5

1802ec142f1b92d1c0887f5d048d27d7
SHA1

35c5407b70cc96c32293eb9a772f6f41feeee42e
SHA256

06662e12a0f4acd03e02901b5e8da36bc4745e0aa2754f6694419320caaadb90
SHA512

7b6ed220768880f8dc3701de8ecafc79c36676148ae45969bb020edd207492c8ce4cee10b62d7865bed04cb9edc9a23962e90cacb838eac5454de35ca7b64e9f
SSDEEP

6144:5p4wdZ3t4A6M2kwp+E4tEZw7BkJgSoS3VVF:5p4wj3t9B7wp+1+w7NSoS39

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2096-0-0x00000000009A0000-0x0000000000A3E000-memory.dmp	upx
behavioral1/memory/2096-91-0x00000000009A0000-0x0000000000A3E000-memory.dmp	upx
behavioral1/memory/2616-103-0x00000000009A0000-0x0000000000A3E000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\utils.jar	1802EC~1.EXE
File created	C:\PROGRA~2\Zona\License_ru.rtf	1802EC~1.EXE
File created	C:\PROGRA~2\Zona\License_uk.rtf	1802EC~1.EXE
File created	C:\PROGRA~2\Zona\License_en.rtf	1802EC~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2892	2096	1802ec142f1b92d1c0887f5d048d27d7.exe	28
PID 2096 wrote to memory of 2892	2096	1802ec142f1b92d1c0887f5d048d27d7.exe	28
PID 2096 wrote to memory of 2892	2096	1802ec142f1b92d1c0887f5d048d27d7.exe	28
PID 2096 wrote to memory of 2892	2096	1802ec142f1b92d1c0887f5d048d27d7.exe	28
PID 2096 wrote to memory of 2616	2096	1802ec142f1b92d1c0887f5d048d27d7.exe	31
PID 2096 wrote to memory of 2616	2096	1802ec142f1b92d1c0887f5d048d27d7.exe	31
PID 2096 wrote to memory of 2616	2096	1802ec142f1b92d1c0887f5d048d27d7.exe	31
PID 2096 wrote to memory of 2616	2096	1802ec142f1b92d1c0887f5d048d27d7.exe	31
PID 2096 wrote to memory of 2616	2096	1802ec142f1b92d1c0887f5d048d27d7.exe	31
PID 2096 wrote to memory of 2616	2096	1802ec142f1b92d1c0887f5d048d27d7.exe	31
PID 2096 wrote to memory of 2616	2096	1802ec142f1b92d1c0887f5d048d27d7.exe	31

C:\Users\Admin\AppData\Local\Temp\1802ec142f1b92d1c0887f5d048d27d7.exe
"C:\Users\Admin\AppData\Local\Temp\1802ec142f1b92d1c0887f5d048d27d7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2892
- C:\Users\Admin\AppData\Local\Temp\1802EC~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\1802EC~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
ff8a56674693ef690535ef78377f16da

SHA1
e2d6b71d2a6cb488c026db098ac98535972e57a0

SHA256
2eef121f32f56fe0b2b2acb85efc4a8e80bb75326c96fc791a99f9f41b5c0f50

SHA512
cbb852944cb9a589ba99b53d5212627054de31ada97e6c9b1064048c18a8d8fadda8334e8ec214701a722a63ae459c424a4269fe620d0e68d616af80e5674432

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
f982bf15bcfb0a2e53069b4e7c0621da

SHA1
3d3b2bd97696e5d4c857def791035c18f087e364

SHA256
8b943cbcc217ec296ea067ee5f052a02d478b1c7a87ea8977c5dd54e3167ab9c

SHA512
e89d0bdd71852ee7ded00b18971ed77d266608094670464eeb04faf71be4f0084a44974a3b16fc9c5b74161a18d8b6a5bb721c456d69f963e999295951c5ee32

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
b0c1a1f6779ff4d6dc660dbb5424a248

SHA1
397936a1b49bc00393939162c3cf284983a3e247

SHA256
461ca190cc0ba793dc40384c623c1f7fb7ff9d5812f5e9f3fb724ea7f560f0cf

SHA512
585cd3d488976691eb8ec0df917ef2de47a9db3e5e2e2f54a25982959ea6f0849b0e473f6f112f6b911f158932ed6b62b88a5a1fe4b6a32619cf3b2aa9390867

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
368f6d2e6f1fca497ad4d733df349e9c

SHA1
87b9c7db69259b5869ca901d316c710ac5a5874d

SHA256
dbfb2683b21bec8298226c931c7dfa0b92c044a3c1249ec9658b1f722c56bc35

SHA512
c5a63e4d9a122eaa173038d8c096c4e0dce336bd5049e778617d34ef7dc3540bb88dd6995d8c698870bf6aeb768a438c92833fc9528944d8e6179313bc782b8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
8b642983458e07f2f4bf5bc3f73e9ef0

SHA1
0de1b8b3a69d6d89a85e1621bf070982a421b249

SHA256
997e7bb6b5242a2e5674d99554ed297df8c193c84c1e98f8215f9b22a03af0f0

SHA512
bd6b36ddc5cd3a82f77f7bfaa62d4c3251fab1ddb1f7e75001fe7dc921f861d6e45058e67ce086a9383d3fa4f78953d3209aae6290b97f38ac4f36c85306ac00

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
d71859b586e8bdfd37d12109bcdb2901

SHA1
95c701b3d070b93b91e16ec0715f5eb8b65321ed

SHA256
649fbc6c5c5355f4a9ba7248653b0910b2ae0b88086a7818a81ddad35f48a95d

SHA512
4083dce5b5bdae9043bd7261c23c04b6e477734cc562ff1857b153099b962fb9d0ef91c5f96299e278fcf17c31741a2c79363d007f6d4377b95d5e111cffa3eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
14KB

MD5
aeb957fa642b3abde59fcb666d0b2ab3

SHA1
234e46cc2ea2a937aa86e24d6cc79e370b790dea

SHA256
717c42a5af6763dda036ba39550b519ca2176b5b3bbc8e5234499eecd29523b4

SHA512
a51c81cbb77bc3ba4d6fe00f220271ddc2dddf8666a6634573ee32afb16849eeb34fe1290142c38683667f5383b5f7fbd97a3fa93e9fca413022ae471d4ae84e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
4f9a0383ddfd0062f8054288b98d1694

SHA1
6fb5ba148951e8f1df2033605d5ff4677fd81e83

SHA256
d57aaf1da716bb064d5e6b2ce72ee04c24abfd6aa6704ae28bb713a987ade13d

SHA512
d800b1a4c8d4816b6905b9bfc81bcccafd22b69cc0bec4ae5a352c83bb5ce8be3aa056ee17a7fed9bdb2da0cbb007877a7399d6c7beb477400d95660e25070e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
24472c980957ed84aed9a2b42f419152

SHA1
61e8563763ef283cb89477dd254edab5d8b6f231

SHA256
d1759750184d0bf857a62e2e9039dd9b34ae5f1b8fcc684fa2a6b07566bc44b3

SHA512
f985c8fcd3a31b7d664337e1e36394a39b56820aee674f0fa76a061af8951487fa1c46aeb527ccf079ee43941286604a0afd75b30d9a04cdc0a7fd926600c520

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
f15c06e0077dc17792ef3c617d77ffb5

SHA1
75cec62c8d96a671aa94d90e86ef9bae46682300

SHA256
145f715dcb9f3746379ad75c06139394da541badb2079ff211967bbfd975536a

SHA512
7050a311889653233734e679a8e135942f6e651aa039189e7339a1e1b3f8138f92178c1db123cba93c42e73e5a9ac5fa868dd36f19c0c6992294e76c604d0819

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
662e91337a3b0a923ab76ace830cdbc2

SHA1
d70f5c274b1d036d715de2a44eddac5d7ab9b367

SHA256
8e32090c73a4cd4741bcfd4472813df74215c44cba77c0d1589822ab7bd1cf30

SHA512
cafae586e624df356afce4f1b25c63f0957294481d623f343f9843f352afb3be84b4e94a8ff2a4229222daba8fc6e2a4f418f391f5e51ad01f40946ce6528f26

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
d05794430e01272838ac95278afd445a

SHA1
ad1fd1c0c09d39df2c1ead7858f51f1c599188c6

SHA256
cedee571714e0af22d8df97c3015676e9a5934934f112444863b6a200ff7bab0

SHA512
3b7d2fd165136f6caee3b7620da8dcbdaf9aa9856cd7d2705392457a345f28611d71a76c5580b0dd7d8b9263239d7ac07d3dd729b93fbd8016f0ee4b344c818d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
b77aae18dcab4ded49426ff574e6c9da

SHA1
fefd21d3c7b346af7dc2e2df033c01d071beb462

SHA256
c1442280fc5b02976dbb2cadfb0c44fa4c97a2474e2cb66eacfbcebc4026fd55

SHA512
528f31de5eac3d59154da0a5a4eb7e16f8697322a7de114f2ad4788d0b802f65ed0681ffe18e1088b35dc3452c7402b9d2fe904593b243ec09781d61525f27a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133485263739032000jre_packed.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/2096-105-0x0000000003910000-0x00000000039AE000-memory.dmp

Filesize
632KB

Download
memory/2096-106-0x0000000003910000-0x00000000039AE000-memory.dmp

Filesize
632KB

Download
memory/2096-91-0x00000000009A0000-0x0000000000A3E000-memory.dmp

Filesize
632KB

Download
memory/2096-0-0x00000000009A0000-0x0000000000A3E000-memory.dmp

Filesize
632KB

Download
memory/2096-38-0x0000000003910000-0x00000000039AE000-memory.dmp

Filesize
632KB

Download
memory/2616-103-0x00000000009A0000-0x0000000000A3E000-memory.dmp

Filesize
632KB

Download