Overview

overview

1

Static

static

1

zbxl.zip

windows11-21h2-x64

1

zbxl.zip

ubuntu-18.04-amd64

zbxl.zip

debian-9-armhf

zbxl.zip

debian-9-mips

zbxl.zip

debian-9-mipsel

0

windows11-21h2-x64

1

0

ubuntu-18.04-amd64

0

debian-9-armhf

0

debian-9-mips

0

debian-9-mipsel

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27-02-2024 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zbxl.zip

  • Size

    43.8MB

  • MD5

    da596c5fa1bfe53dc6ef777e810c2e7d

  • SHA1

    dc756fddd264eaadcc0c8e8576d11259bbe1c150

  • SHA256

    eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744

  • SHA512

    bb7a10c4d9decee9687dfba5987939d1f55c3966bd80d06103d4bde6f61df3957d89392ac185b96ac668bc794193319dad33e34dde199df91eb2981e7e5f9fc3

  • SSDEEP

    196608:rAA/coo9ZmMOfGI0QIdgCUlo1JKq5LJ2q82M/nSk827:rAHX9DQGI0Q321tr82MPl

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\zbxl.zip
    1⤵
      PID:2236
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1384
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
        1⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:1300

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
        Filesize

        202B

        MD5

        4566d1d70073cd75fe35acb78ff9d082

        SHA1

        f602ecc057a3c19aa07671b34b4fdd662aa033cc

        SHA256

        fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0

        SHA512

        b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
        Filesize

        3KB

        MD5

        4abed21509f5a353591e357e80744277

        SHA1

        4a19d7be5505043ed2aa97be34a12d37e1ab905d

        SHA256

        6533ca83308079ddba59dc34ee56ee9835b003271a4a096bf623afdeac4bd03d

        SHA512

        c96db1cf9e59bbd40a7334fb75ad51d12ec0b34ddda1699de4e0bbe7b383d9a8646f21164e5d801a50198c2a7d6dea37906c9acaf929d91977f91b2c44674685

        Download Submit

      • memory/1300-12-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-50-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-0-0x00007FFD2FE70000-0x00007FFD2FE80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1300-5-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-7-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-6-0x00007FFD2FE70000-0x00007FFD2FE80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1300-9-0x00007FFD2FE70000-0x00007FFD2FE80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1300-8-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-10-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-14-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-3-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-4-0x00007FFD2FE70000-0x00007FFD2FE80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1300-11-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-15-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-16-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-18-0x00007FFD6E900000-0x00007FFD6E9BD000-memory.dmp

        Filesize

        756KB

        Download

      • memory/1300-19-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-17-0x00007FFD2D3F0000-0x00007FFD2D400000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1300-1-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-2-0x00007FFD2FE70000-0x00007FFD2FE80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1300-48-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-49-0x00007FFD6FDE0000-0x00007FFD6FFE9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1300-13-0x00007FFD2D3F0000-0x00007FFD2D400000-memory.dmp

        Filesize

        64KB

        Download