be9abebaebdf278b74184f318cd474b64ef0b95cd3fc09e490c3f785c8b26261

Resubmissions

15/05/2024, 10:41

240515-mq534sde5y 8

15/05/2024, 10:29

240515-mjl2nadd29 7

15/05/2024, 10:22

240515-mefdbach6z 7

Analysis

max time kernel
93s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Zulu2021_x64_ru.exe
Size

286.0MB
MD5

bc34b12d23bb0ece6d8dabb39b3660bd
SHA1

92b5b62989f6a8a7e7ee7d2875440f2ed1dfc8e9
SHA256

be9abebaebdf278b74184f318cd474b64ef0b95cd3fc09e490c3f785c8b26261
SHA512

29885117c1293e0b2da6e92209b996d6bce9e5a85522c6dd4029b47703dad8bfd74b83d8833d20c6afd3b431128a2340c3c3ca554e94e3716a3c7010a2a0ce3f
SSDEEP

6291456:xcu6yi759eECcJrCzfLUKw34AuY6QEA6x8D3JrfRqvzhVmAqUum46Jw:xcu6zeEC+rCjLdw3H6QRdD3Jr5qvV49n

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
620	Zulu2021_x64_ru.exe

Loads dropped DLL 1 IoCs

pid	Process
620	Zulu2021_x64_ru.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 620	2992	Zulu2021_x64_ru.exe	88
PID 2992 wrote to memory of 620	2992	Zulu2021_x64_ru.exe	88
PID 2992 wrote to memory of 620	2992	Zulu2021_x64_ru.exe	88

C:\Users\Admin\AppData\Local\Temp\Zulu2021_x64_ru.exe
"C:\Users\Admin\AppData\Local\Temp\Zulu2021_x64_ru.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\Temp\{60473AA0-44AA-4E22-B092-AD78CCEC1191}\.cr\Zulu2021_x64_ru.exe
  "C:\Windows\Temp\{60473AA0-44AA-4E22-B092-AD78CCEC1191}\.cr\Zulu2021_x64_ru.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Zulu2021_x64_ru.exe" -burn.filehandle.attached=532 -burn.filehandle.self=540
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\{60473AA0-44AA-4E22-B092-AD78CCEC1191}\.cr\Zulu2021_x64_ru.exe

Filesize
577KB

MD5
9b0fad51efad983c4da36029b22066ae

SHA1
2094a7f5a7e64798506cc69cb147c6f12ac52607

SHA256
5b3b9ad249bd7e87442ec1a2334112aa2f2d5992c55ae853df4f5172da49619c

SHA512
481a19bc947e1f74224f182cd53997754d5599481a90c187950c937dc093e5f9601c6fea90a51ab46141b6eb6fb62c405b6a39cdd04513d714e95a6d73615973

Download Submit
C:\Windows\Temp\{E4CAAB91-95BA-4E17-9821-109617CCF118}\.ba\logo.png

Filesize
7KB

MD5
09b709e42189d3828bb32e129fddc03a

SHA1
56e95370abd0a3bbed837fca54f179665ee070e8

SHA256
4ebe86e1e02fdada37afbf3c8475dcd26470ac72e1aca3f924165e0ff6349a73

SHA512
2c4b563ba98a89868952e5977e8dfe1e88c13e0cf43321a353fed9ed19ddb8243b0cdd8ce192e0f56ee2d04b30d5edbb41f820f7f391aab8cd9ea4fb43b165e3

Download Submit
C:\Windows\Temp\{E4CAAB91-95BA-4E17-9821-109617CCF118}\.ba\wixstdba.dll

Filesize
184KB

MD5
fe7e0bd53f52e6630473c31299a49fdd

SHA1
f706f45768bfb95f4c96dfa0be36df57aa863898

SHA256
2bea14d70943a42d344e09b7c9de5562fa7e109946e1c615dd584da30d06cc80

SHA512
feed48286b1e182996a3664f0facdf42aae3692d3d938ea004350c85764db7a0bea996dfddf7a77149c0d4b8b776fb544e8b1ce5e9944086a5b1ed6a8a239a3c

Download Submit