4994c0047de1f062a9db2cb5ab1daa0568264efd448bc1123a58fa1fec040ad4

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 06:57

Target

bdf74ba72e2e0aab2e7a1145005f6b7c.exe
Size

6KB
MD5

bdf74ba72e2e0aab2e7a1145005f6b7c
SHA1

eae0e16603f18d320896349e68e2580586127ffb
SHA256

4994c0047de1f062a9db2cb5ab1daa0568264efd448bc1123a58fa1fec040ad4
SHA512

faba278ec931764ae76ac47c6445c199ff2783a62041f7eb093d350b058ce81bf95c72b34cbb34b2de16538ea86cd251e8becd3f38120817a22d3c186d8f91e0
SSDEEP

96:DL3UCfY3J8h/uPo5y1uPienNf7dbVAw4ZP0D96XP1ki:vECw3J8hRg2ienpNVZ8P0D96PSi

Score

7^/10

upx

Executes dropped EXE 2 IoCs

pid	Process
2668	MizZabbat32.exe
3040	MizZabbat32.exe

Loads dropped DLL 4 IoCs

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2208-0-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/files/0x000d000000016cc9-5.dat	upx
behavioral1/memory/2668-13-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2208-16-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2668-25-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3040-24-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\MizZabbat32.exe	bdf74ba72e2e0aab2e7a1145005f6b7c.exe
File opened for modification	C:\Windows\SysWOW64\MizZabbat32.exe	bdf74ba72e2e0aab2e7a1145005f6b7c.exe
File created	C:\Windows\SysWOW64\MizZabbat32.exe	MizZabbat32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2668	2208	bdf74ba72e2e0aab2e7a1145005f6b7c.exe	28
PID 2208 wrote to memory of 2668	2208	bdf74ba72e2e0aab2e7a1145005f6b7c.exe	28
PID 2208 wrote to memory of 2668	2208	bdf74ba72e2e0aab2e7a1145005f6b7c.exe	28
PID 2208 wrote to memory of 2668	2208	bdf74ba72e2e0aab2e7a1145005f6b7c.exe	28
PID 2668 wrote to memory of 3040	2668	MizZabbat32.exe	29
PID 2668 wrote to memory of 3040	2668	MizZabbat32.exe	29
PID 2668 wrote to memory of 3040	2668	MizZabbat32.exe	29
PID 2668 wrote to memory of 3040	2668	MizZabbat32.exe	29

\Windows\SysWOW64\MizZabbat32.exe

Filesize
6KB

MD5
bdf74ba72e2e0aab2e7a1145005f6b7c

SHA1
eae0e16603f18d320896349e68e2580586127ffb

SHA256
4994c0047de1f062a9db2cb5ab1daa0568264efd448bc1123a58fa1fec040ad4

SHA512
faba278ec931764ae76ac47c6445c199ff2783a62041f7eb093d350b058ce81bf95c72b34cbb34b2de16538ea86cd251e8becd3f38120817a22d3c186d8f91e0

Download Submit
memory/2208-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2208-12-0x00000000004C0000-0x00000000004C8000-memory.dmp

Filesize
32KB

Download
memory/2208-16-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2668-13-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2668-21-0x00000000002C0000-0x00000000002C8000-memory.dmp

Filesize
32KB

Download
memory/2668-25-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-24-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download