2129cdb0252b7d3a6f6d7610d5b260a87379dce04e19c737fe362a950ad79dff

Analysis

max time kernel
143s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

244d28a97dd03a3e17adfec1dbaecf01.exe
Size

227KB
MD5

244d28a97dd03a3e17adfec1dbaecf01
SHA1

8eac0306d8bd63e358d213fc4404c814433750ba
SHA256

2129cdb0252b7d3a6f6d7610d5b260a87379dce04e19c737fe362a950ad79dff
SHA512

a423fbde6d18b28616bdee0abb9b96e22cd0bb23b44cef07b94e2ce85d94cd6f4f03a66a806d58304bafa57c71138de762982a7c4613b492fd3add901c1c99fa
SSDEEP

6144:RifApVMqplDf/h5O/lBC8+2hyDRlX7llrnz2P4t8oSRVJ7:sfk6kDqHw2hmxlrz2HoSRL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2160-0-0x00000000002B0000-0x000000000034E000-memory.dmp	upx
behavioral1/memory/2616-46-0x00000000002B0000-0x000000000034E000-memory.dmp	upx
behavioral1/memory/2160-106-0x00000000002B0000-0x000000000034E000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\License_en.rtf	244D28~1.EXE
File created	C:\PROGRA~2\Zona\utils.jar	244D28~1.EXE
File created	C:\PROGRA~2\Zona\License_ru.rtf	244D28~1.EXE
File created	C:\PROGRA~2\Zona\License_uk.rtf	244D28~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2716	2160	244d28a97dd03a3e17adfec1dbaecf01.exe	28
PID 2160 wrote to memory of 2716	2160	244d28a97dd03a3e17adfec1dbaecf01.exe	28
PID 2160 wrote to memory of 2716	2160	244d28a97dd03a3e17adfec1dbaecf01.exe	28
PID 2160 wrote to memory of 2716	2160	244d28a97dd03a3e17adfec1dbaecf01.exe	28
PID 2160 wrote to memory of 2616	2160	244d28a97dd03a3e17adfec1dbaecf01.exe	31
PID 2160 wrote to memory of 2616	2160	244d28a97dd03a3e17adfec1dbaecf01.exe	31
PID 2160 wrote to memory of 2616	2160	244d28a97dd03a3e17adfec1dbaecf01.exe	31
PID 2160 wrote to memory of 2616	2160	244d28a97dd03a3e17adfec1dbaecf01.exe	31
PID 2160 wrote to memory of 2616	2160	244d28a97dd03a3e17adfec1dbaecf01.exe	31
PID 2160 wrote to memory of 2616	2160	244d28a97dd03a3e17adfec1dbaecf01.exe	31
PID 2160 wrote to memory of 2616	2160	244d28a97dd03a3e17adfec1dbaecf01.exe	31

C:\Users\Admin\AppData\Local\Temp\244d28a97dd03a3e17adfec1dbaecf01.exe
"C:\Users\Admin\AppData\Local\Temp\244d28a97dd03a3e17adfec1dbaecf01.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2716
- C:\Users\Admin\AppData\Local\Temp\244D28~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\244D28~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
179ec2207d694c6997d3958d1bb97676

SHA1
92c6d1e11e7723a3cfd0ac339cfcb492b3d9fd9f

SHA256
f8040236674241e4b2f536c6ad5e838fed2c76b7a0f724ee95262db20dcd4237

SHA512
a2dd5df768e575c4a958fe8006d62547dc53ff6f2264d6b3fcdae3e44af1a92ed6daad4391c8e83919ae1f340301767564b6012d4f566d889b989a2b8f45db3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
62ba2bca9cc1ef553a9de9408722434d

SHA1
7885338593e0f65da00a04473f58e6026a835548

SHA256
e6326a8a7e5f20d444d071802d4a6483c3093e013fbe972c652a10adb73a3956

SHA512
419c7901cdca4e6e49f26ed38589be5fbb20b5ca38deffd63535624b9a39b5b4949adbb3ff4b6bd4b27263b4b98749edb5377febddc8b891ffc8fd516a98b2c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
265732e5f53e72a65c3047a5fd4e2cf5

SHA1
0b614c52fe0112cfc7154b9abae54e6c60624380

SHA256
3b361887fa653f00cebf282fc505971f2f84150ac3bbd2eb925a76a1995be425

SHA512
3a15db60e015ae6b5e7e1b8eae5fabf8d3f8d201466ae4cd7cc3f74cd20edbb857500f406dda918eb0528d94222b68629416eec1fdede84ce93c2aa6148b1cef

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
e9fdbbceb5d6cacf27627d1c5e58c1fd

SHA1
60ec65200c3cb1609e8caceca562a862be268155

SHA256
3ca2447d6b679652b95d4ab1fb64b2bd44857db6864f7250a4df158aba235a15

SHA512
69261ea7c785fcb31ca250036e76300a22a9d76a18f505fa58c76851f9396f0537f9e065af0a999c9a6aab91079ff8207f24fb6f4584b265741207290288201f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
3b3c90431eb5c10480ae00e53c17dc0e

SHA1
50d605cf030c92e006c11840447741df0dee2ffd

SHA256
111a4dd83e25deaf119b976bccf2fe87e1aaded20ec5bf5fae7a517ec1d7af2d

SHA512
1738c738074d1998c9f4e49b7c02523d4ba663025e0e58a3a953d81aef04cbff2dd8f29730e37850f717db014e45c40784ff89c67122e1a7340aedc049ab5a5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
6a6b07514ce7ffe1297881f3272a67cf

SHA1
043d7f329af0c1ae237f3b03db488b7c74e0021c

SHA256
55e0f8d1b10576f13b89c1539fbd12a42be095d6a170a966c927d6630ec8e57e

SHA512
cf3ec6e21cfa2537a47ea9ed4496669b4878aaf4c5d117379fbdae6bf4426328dae72c8e6d2bc2b44175d7b4e65c46d9650ae80554d844dba5241d3b8c844e9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
1dda97f314989c5de0862e47fb52bf9f

SHA1
ed908002c48a07e3abc48139e63265ff5a0f37d5

SHA256
610cc6fd5e46db3e0e332959d3fcbc62ed882491160820617df59c7d0e2da4c9

SHA512
984baba03846916956a24d88d7614eee594c80f75bca1735efbbf3896dadcc96683eaf475c38c08109cfd3f7b1bc761174f056a02c8aa84533fe2bb9319eda87

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
c20e1df4ed864c58fb35e1f235b0f1ae

SHA1
7e3b0b0012f3c94e142355a2c01b84abc1df6ba0

SHA256
4d5a187d79f85a5cb3002f266472813a04831aff5ede435b8c46a044ad4d6b8b

SHA512
bcc4b6f8bfb311fbed1b24fec99c10f0181351f3d902757860cc987f81cb422591679ead6d549c4705d41346e3ac2c0d574d1e56a0e5b9ae3fc83e952c944456

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
98aef81a3f19c3a61d2206e8f723aecf

SHA1
3892370a40a0a7976be69c7458abb4e63ae3371b

SHA256
3d0e51eb2bea748a624f1bd59860e7468573d4bc64b0593807cbe840e644ceb2

SHA512
d427d0698e7ecf0ab8610d0cfce4f05a453ff9e099365deec8253b65d66222e210afd6824454d92a8481d70d27771a4efc6dab9c3e97877575abb501f002458d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
d0921b11e754e7519b448a2f63c9427d

SHA1
91154539f4cc3d3acbdcb999092929b0ae3ac673

SHA256
f928e150c31533c518ed430d1157f89daea233eff085c337c2e16f0b8fd16457

SHA512
9f7eda5ee70e5a70b0c8b15b5ea9c6028f79888082975d4591b975983960eb71d0380c8517ddbd4dcf34b34d7a2d83d1c81181144132e5adfaee198491dc8a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
2KB

MD5
3b838022876e7b83011128a64ea60864

SHA1
0735a7f03bbd86e4d5fe79d0fa93279ebfd6232c

SHA256
8ac92ff05a65de0b355a5fb22df5f91a689cae7a49cd6376e21af620a00b2628

SHA512
eeb4fdfd85f572ba7c38af8ce05f62700a500941f14648b687ed93a4afdaa39982a2ff69a7770d8d9f3d6825814bea943cb14eee6a28ae72e51288c6614ce678

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
14KB

MD5
0bc80bd1d95afeed47e0a7eb9d7ba4ed

SHA1
9c8b299d9648f401fcb90ec3e5ad6e348d5e296d

SHA256
138ddbe0280c687344299a9a8e6457990ee41cd9ef5c1ccad4227ffa2d41c82d

SHA512
88d4b1d8d3c223deb6fcc7b16696cb5e57711263967ad309ce1e4b2496b11ff1daa30930471f2b699f21524b6d491b47698b30b02a83d75f9260cb8f2b07bf1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
07268ccc2fd60ef69b89c179442fcf81

SHA1
81cc3ce3a1bc76227f707de94ffdd31d27cef769

SHA256
e6af55458d0803716cd9f904b17eb34788bc55edfcd624bae9ba0f23883ed27e

SHA512
71f7c790819d404f0ddc6efbaa6a3d546b638dd2514c5b3030070eb901cb32733512da07da525113ca8261e2e430584f5b0056d04d7dd4ec59e0c4bc1befca41

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
675628bc14079fad2265b669b4f20a00

SHA1
9b6a5d7c77658fffcf078b583d9a860a3d99d215

SHA256
3baf4931690ef861357aadda81e8e5c087931136f0207f2bf94426d1a1a05c9a

SHA512
235fc77a34f02d362aab0048243d6eba212e378cfede76a23802003b411483c51a7b4d03eb70ba9ff596c60b3f25b5793e26245ddbab1cdcd37e8baa3ed80480

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
afd47057a141c27911b3d976b0859f1f

SHA1
3916a2c2bf1caf627cbd81ec915f0ff7e46dd052

SHA256
033fd5b61fe7e7a9e57dd4138a525576aa2e0513cc7af572fbfbcabbd9b4fe1b

SHA512
88317261a2ac46ef5c29104884bdb7b3550cd68e43291272d0f72e4f131b341b67851052fbb50077cc7bffa1e8e3c385409674dd98a689a1d3509f4ef4373376

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
561bf7c063e21ecc3d7bf9f9cc0e088c

SHA1
71943121e12ec71fb06ce54c2f7955258489fb69

SHA256
2a15f246e548e3547745469c216cae94fde4c0e30bfa88522153ac8cbdaaa97e

SHA512
31d1c37b721922c5ebc7eee24ab5bc508903ce900ca326933eab96619138ada383ff6f66efcaaf9bdb22625737045c428adb21a22013633eb5289fadb40b41ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
32a8b5215cf7bb0b519248ea9891a05c

SHA1
a217917f19f193b6b3d5d7e90c7cde1eb97d0d9d

SHA256
280cd4fe5bfa121e95aee173d9d91003ad44520d86d56cd65f2f3eef156be315

SHA512
73bab36446927fe656beb28bb14b42a10ac1200f2914839aba264a5df4c13aa58d2b733c2200a0ab4f2b04a608c50604b26aa7bdc5ccd675e80f51fda8a1735d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
7012abf901967794eaf857cefaeec37e

SHA1
46c713fa10849fe0e3d07ab84f8d71dc84c209de

SHA256
4bb2efcf830fa54f1f6ef3305f379ab8c18338ddeaa22b1fd6a6af7792f2fea3

SHA512
fb49ff154ade1b65985eae1b845652adeb1630b78b094488fe92b138d3156d8f5ea2cd51161b2d71412f025d84a1021d77741f338b78048ff05ecad4d69edcd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
fc8607d91726cb62317a32621dbbba8f

SHA1
3f117d63fe7158337524cf109b69d1a352664d5b

SHA256
74a928219608d34f7897a1fb4b038c5b9551b549ca8c67e2686360ea160fa910

SHA512
3e2116c871a308d279424063abccbc3f0251cde0e445060a48bac160d26afe4391428e69371dd47366a8d9540869f26720e3d9367757cee8be6f194da8fc0f58

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
5a778d39476d39643af05ebf44f9ff19

SHA1
59f59fd645c756bd060e3b861cf0ba4caee37839

SHA256
214575ab27eb672c02eedfa11fb2fd74b439b62848b4c24112c6da69931c62ee

SHA512
25c6907b7f99bc5ad2d424c7eb42b3ed321cfec5616bb669154aadcadb4e0d7d12a752147deb743efbd113f5f80360b3fed19f711a246bb802e44b1037c48059

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133489030139110000jre_packed.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/2160-106-0x00000000002B0000-0x000000000034E000-memory.dmp

Filesize
632KB

Download
memory/2160-0-0x00000000002B0000-0x000000000034E000-memory.dmp

Filesize
632KB

Download
memory/2160-181-0x0000000003920000-0x00000000039BE000-memory.dmp

Filesize
632KB

Download
memory/2160-43-0x0000000003920000-0x00000000039BE000-memory.dmp

Filesize
632KB

Download
memory/2616-46-0x00000000002B0000-0x000000000034E000-memory.dmp

Filesize
632KB

Download