2b0d96e0813d17062eacd208c02246fbd3169153e5e8d9e56339921aef78c664

Analysis

max time kernel
146s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2024, 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.Zpevdo.3966.exe
Size

876KB
MD5

890351798a32e8618afd1e5321d43ab1
SHA1

5747dbd899574b83eecbec96dfc6d310140d12b3
SHA256

2b0d96e0813d17062eacd208c02246fbd3169153e5e8d9e56339921aef78c664
SHA512

a848f216bc9a859e75cd21be63d6ea306f4443965e83747a3af5a68570c5ffc9e16b751061848827c659d5a7214c8f45d12c798e56973897bf92a54780043967
SSDEEP

12288:R7sRowUy7oneiornbBDa222OUYxROhxSIfIkcibNb4WfTyQOy:R7zwUKliornbB4HxiS6Ik/Nb4WGQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
548	lzma.exe
3776	lzma.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 548	1232	SecuriteInfo.com.Trojan.Zpevdo.3966.exe	90
PID 1232 wrote to memory of 548	1232	SecuriteInfo.com.Trojan.Zpevdo.3966.exe	90
PID 1232 wrote to memory of 548	1232	SecuriteInfo.com.Trojan.Zpevdo.3966.exe	90
PID 1232 wrote to memory of 3776	1232	SecuriteInfo.com.Trojan.Zpevdo.3966.exe	91
PID 1232 wrote to memory of 3776	1232	SecuriteInfo.com.Trojan.Zpevdo.3966.exe	91
PID 1232 wrote to memory of 3776	1232	SecuriteInfo.com.Trojan.Zpevdo.3966.exe	91

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Zpevdo.3966.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Zpevdo.3966.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1710569887-0-app\lzma.exe
  "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1710569887-0-app\lzma.exe" "d" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1710569887-0-app\verpatch.exe.l2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1710569887-0-app\verpatch.exe"
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1710569887-0-app\lzma.exe
  "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1710569887-0-app\lzma.exe" "d" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1710569887-0-app\JWrapper-JWrapper-00019224260-archive.p2.l2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1710569887-0-app\JWrapper-JWrapper-00019224260-archive.p2"
  2⤵
  - Executes dropped EXE
  PID:3776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1710569887-0-app\JWrapper-JWrapper-00019224260-archive.p2

Filesize
1.1MB

MD5
7ed01763022e7e9a6dd4c370a1c22c07

SHA1
431676c1f0b8d85daf9f0b53d88980d240300db2

SHA256
0032141a43109f60694ec1125d4daa98114647d09e13e0a9b0fe5a40ad24a1b2

SHA512
8a9d750eeb17a846bf0bdb49122142241d0ddf0b2aadb06b016901fabc731916e060e75306b78b91a091e6550231479e4ccf6ca3d326982ed469ef95d1749806

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1710569887-0-app\JWrapper-JWrapper-00019224260-archive.p2.l2

Filesize
383KB

MD5
32648a013cb28bd7056f4a8ade9f1bf6

SHA1
e4b041644dbb0ef79bd2dad5ecdc26bdfac219ee

SHA256
a29385774d3dec077e57f16ac54ccb53fa7fb1e89a3f6c320d991f4e8b8c906b

SHA512
9c23b223ba2efbf6ed776bcefad4ae01c2528643600664d804a7f49346c1c884c6b97e8b95d6ba3819a73f1e19c2369d163e03fd0c29fc8384d559ae8f08831b

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1710569887-0-app\lzma.exe

Filesize
71KB

MD5
e59aa0e52e93c781dcdab8ad7cc4054c

SHA1
1be9c2d8b48d6e0c8a7cab6013cc36ea42ec421e

SHA256
410bfdaddee3767151296fe4f16052c39546151916f05bbe4ae1c6b698b18f0f

SHA512
d0be3580640bb2cca0c097ec2154132eeefd2b2b4b0e45027cc303c47a42f5c545d5f50182c70a69b5d1673112d24f8ae320d097d7034e810dbc0a5128b09050

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1710569887-0-app\verpatch.exe.l2

Filesize
16KB

MD5
0f01ede304c8199e4b56b847be0787e0

SHA1
a73f8dd25773469a1fd3cb873d2af3a95bf46fd5

SHA256
f719964e71b47116e87fdea44a50425e462fa9036e43d7badec624f36fe86d9d

SHA512
c46acf58ac2128576cf5996724f7b759092d0e705efff641a5feb5385f1a0078b78a9d044c51a80592bb90b137a633f9453105619b7a619389744a09963bbfb7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads