Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
28-05-2024 13:32
General
-
Target
zitmain.py
-
Size
279B
-
MD5
6639a1095dc3e0cec59e7e33b19006de
-
SHA1
3d7a5fd6469021e400df9dd19da1c7687f7f6c6a
-
SHA256
4976a8497b8e1e6c17d8a17e56b163554b7da3879bd91d2e7fab18ebe45bc89b
-
SHA512
67e16f62aae236072c2942edcda0f3a428a2521e6adad67ac7071982d2a53eadb71d5b0fff6638a31fd5b293a94c0153f16b0d160716f64ae108b6947658f087
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\zitmain.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\zitmain.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\zitmain.py"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD58a40f6a9cbb523bd9352c7cbc7fc710d
SHA131c078843e7d9c87f5a31d837088bcbbc7e64d1c
SHA2566bcd65ade9725cb325b5f27d6a478f8038eff911b15e40972806557d2a1a804d
SHA51266c5e4d91bf5a13742838c082078824f660726635f786f3e7ca0e9a1ec04e789ac1ecaa1aa7a7c752c3985cc2579b94224c652cab9d1783b4346ff0e9b5d7c84