Overview

overview

1

Static

static

1

zbxl.zip

windows7-x64

1

zbxl.zip

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    25-04-2024 20:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zbxl.zip

  • Size

    43.8MB

  • MD5

    da596c5fa1bfe53dc6ef777e810c2e7d

  • SHA1

    dc756fddd264eaadcc0c8e8576d11259bbe1c150

  • SHA256

    eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744

  • SHA512

    bb7a10c4d9decee9687dfba5987939d1f55c3966bd80d06103d4bde6f61df3957d89392ac185b96ac668bc794193319dad33e34dde199df91eb2981e7e5f9fc3

  • SSDEEP

    196608:rAA/coo9ZmMOfGI0QIdgCUlo1JKq5LJ2q82M/nSk827:rAHX9DQGI0Q321tr82MPl

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 19 IoCs
  • Suspicious use of SendNotifyMessage 17 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\zbxl.zip
    1⤵
      PID:1740
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2012
      • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
        "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
        1⤵
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:792
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnprotectImport.3gpp"
        1⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1120
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RestartSync.wvx"
        1⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2952

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\vlc\ml.xspf
        Filesize

        304B

        MD5

        781602441469750c3219c8c38b515ed4

        SHA1

        e885acd1cbd0b897ebcedbb145bef1c330f80595

        SHA256

        81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

        SHA512

        2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

        Download Submit

      • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
        Filesize

        536B

        MD5

        eb869ca450456aff10edb4cac6065ca6

        SHA1

        b5343d6d5430fff354d431a2ad22b991464cbae0

        SHA256

        780727fa7874087d2c56dba91547da80fb5bb4f28d884f12c439b65fd1236497

        SHA512

        8d0a0a4bf93d46c8d917a0902729c6ad37af88a5e15b3eb2ac89d2ea75093739cf3ef2a883447fc37ea1820ac988e39b9399189dbaad6a50c1eb1c2bd639b1e9

        Download Submit

      • memory/792-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/792-1-0x00000000723BD000-0x00000000723C8000-memory.dmp

        Filesize

        44KB

        Download

      • memory/792-3-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/792-4-0x00000000723BD000-0x00000000723C8000-memory.dmp

        Filesize

        44KB

        Download

      • memory/1120-26-0x000007FEF2D30000-0x000007FEF2E42000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/1120-25-0x000007FEF3940000-0x000007FEF49EB000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/1120-24-0x000007FEF4C90000-0x000007FEF4F44000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1120-23-0x000007FEF5C20000-0x000007FEF5C54000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1120-22-0x000000013F610000-0x000000013F708000-memory.dmp

        Filesize

        992KB

        Download

      • memory/2952-37-0x000000013FC20000-0x000000013FD18000-memory.dmp

        Filesize

        992KB

        Download

      • memory/2952-38-0x000007FEF5BE0000-0x000007FEF5C14000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2952-39-0x000007FEF49D0000-0x000007FEF4C84000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2952-40-0x000007FEF4530000-0x000007FEF4642000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2952-41-0x000007FEF3340000-0x000007FEF43EB000-memory.dmp

        Filesize

        16.7MB

        Download