34c03f5a3ffa8a6c119b1f59f535cef81f80f9a5541f33b0b9aa83d9c5446359

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34c03f5a3ffa8a6c119b1f59f535cef81f80f9a5541f33b0b9aa83d9c5446359.exe
Size

449KB
MD5

86514d4ce7141e905dd47265bc59c8b4
SHA1

ebb24c2ce0b49344de67fae6a1d4fafc06343354
SHA256

34c03f5a3ffa8a6c119b1f59f535cef81f80f9a5541f33b0b9aa83d9c5446359
SHA512

9fb2a3b3464b2f74e86b1705df1a952fa1c953594aae06affcde8e8158f5a544e0b65257612455bfe2019c837f9f3e404a60fb1737c1cb1d448d55654efdc6da
SSDEEP

12288:NJu6lfyi4fabr9jy4BNKOSuDVh+vh4tH1jo3rqsh2o:N8XfyhLNKQVhKutH1jo3Phl

Score

9^/10

persistence upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 3 IoCs

resource	yara_rule
behavioral2/memory/4376-0-0x0000000000400000-0x000000000045F000-memory.dmp	UPX
behavioral2/files/0x000c000000023140-4.dat	UPX
behavioral2/memory/2876-6-0x0000000000400000-0x000000000045F000-memory.dmp	UPX

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2876	zonasdl.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4376-0-0x0000000000400000-0x000000000045F000-memory.dmp	upx
behavioral2/files/0x000c000000023140-4.dat	upx
behavioral2/memory/2876-6-0x0000000000400000-0x000000000045F000-memory.dmp	upx

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\zonasdl.exe	34c03f5a3ffa8a6c119b1f59f535cef81f80f9a5541f33b0b9aa83d9c5446359.exe
File created	C:\PROGRA~3\Mozilla\eggeazi.dll	zonasdl.exe

C:\Users\Admin\AppData\Local\Temp\34c03f5a3ffa8a6c119b1f59f535cef81f80f9a5541f33b0b9aa83d9c5446359.exe
"C:\Users\Admin\AppData\Local\Temp\34c03f5a3ffa8a6c119b1f59f535cef81f80f9a5541f33b0b9aa83d9c5446359.exe"
1⤵
- Drops file in Program Files directory
PID:4376

C:\PROGRA~3\Mozilla\zonasdl.exe
C:\PROGRA~3\Mozilla\zonasdl.exe -ufdnlxl
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\zonasdl.exe

Filesize
449KB

MD5
b00b2c132bc3f9c6237897caaf4084c7

SHA1
7b548f046319681650ea6ff1438e92099e638c11

SHA256
8dbbc05d82e6d65d09abe2d9c235c6dfd46b3d3cf6d46e3790bcb8f4609d2d68

SHA512
9410453c3f009b25447a4926198c3d0acd47133357bcc57588b2de514b2dea4a6d7b33620416d3d02c134f541de6d3f8f9d9c28e6200c800f318a0ce59313a8e

Download Submit
memory/2876-6-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2876-8-0x0000000000C90000-0x0000000000CEB000-memory.dmp

Filesize
364KB

Download
memory/2876-9-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2876-14-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4376-0-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4376-2-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4376-1-0x0000000002220000-0x000000000227B000-memory.dmp

Filesize
364KB

Download
memory/4376-10-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4376-11-0x0000000002220000-0x000000000227B000-memory.dmp

Filesize
364KB

Download