37b3035464123d188316fc8e7574f2e31768df08aca8e9dc2adceb41d34f2428

Analysis

max time kernel
34s
max time network
46s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
15/06/2024, 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winzip28-downwz.exe
Size

2.8MB
MD5

17687f01ca5191c5e9dd733b30248ea2
SHA1

9b63db46a9d58b945dd9b850236ed8d4d7d3567a
SHA256

37b3035464123d188316fc8e7574f2e31768df08aca8e9dc2adceb41d34f2428
SHA512

d366482d520fb250de54441daa9744129e692c24faeec2e7dce071370cfeeb00b50ef10fe47a3d788d3c4a17719d6133420ab99c6384798ea2017dca6260eb3c
SSDEEP

49152:W9vgPi4Lp+1+zV9c9S7J5/iR7B/3blLYSNVMaxY3Y9fkHu+bHqjD:IbCpEYV9uSF5/mt/Ll5xY3gkHu+bHaD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1644	winzip28-downwz.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4924	1644	WerFault.exe	77

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 1644	2692	winzip28-downwz.exe	77
PID 2692 wrote to memory of 1644	2692	winzip28-downwz.exe	77
PID 2692 wrote to memory of 1644	2692	winzip28-downwz.exe	77

C:\Users\Admin\AppData\Local\Temp\winzip28-downwz.exe
"C:\Users\Admin\AppData\Local\Temp\winzip28-downwz.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Users\Admin\AppData\Local\Temp\e578434\winzip28-downwz.exe
  run=1 shortcut="C:\Users\Admin\AppData\Local\Temp\winzip28-downwz.exe"
  2⤵
  - Executes dropped EXE
  PID:1644
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 1744
    3⤵
    - Program crash
    PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1644 -ip 1644
1⤵
PID:3664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e578434\winzip28-downwz.exe

Filesize
2.8MB

MD5
17687f01ca5191c5e9dd733b30248ea2

SHA1
9b63db46a9d58b945dd9b850236ed8d4d7d3567a

SHA256
37b3035464123d188316fc8e7574f2e31768df08aca8e9dc2adceb41d34f2428

SHA512
d366482d520fb250de54441daa9744129e692c24faeec2e7dce071370cfeeb00b50ef10fe47a3d788d3c4a17719d6133420ab99c6384798ea2017dca6260eb3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\e57853d\Load.html

Filesize
2KB

MD5
1757c2d0841f85052f85d8d3cd03a827

SHA1
801b085330505bad85e7a5af69e6d15d962a7c3a

SHA256
3cf5674efaaf74beccd16d1b9bcf3ffb35c174d6d93375bc532b46d9b4b4ed35

SHA512
4a12a55aac846f137c18849302e74d34df70ea5aaff78d57fce05b4776bedcde9e1b1032734e29650bcbac3e6932dfef75d97931443446a23e21cf5b3072dd9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e57853d\common\js\common.js

Filesize
45KB

MD5
87daf84c22986fa441a388490e2ed220

SHA1
4eede8fb28a52e124261d8f3b10e6a40e89e5543

SHA256
787f5c13eac01bd8bbce329cc32d2f03073512e606b158e3fff07de814ea7f23

SHA512
af72a1d3757bd7731fa7dc3f820c0619e42634169643d786da5cce0c9b0d4babd4f7f57b12371180204a42fec6140a2cff0c13b37d183c9d6bbaeb8f5ce25e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\e57853d\common\js\external.js

Filesize
36B

MD5
140918feded87fe0a5563a4080071258

SHA1
9a45488c130eba3a9279393d27d4a81080d9b96a

SHA256
25df7ab9509d4e8760f1fdc99684e0e72aac6e885cbdd3396febc405ea77e7f6

SHA512
56f5771db6f0f750ae60a1bb04e187a75fbee1210e1381831dcc2d9d0d4669ef4e58858945c1d5935e1f2d2f2e02fe4d2f08dd2ab27a14be10280b2dd4d8a7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\e57853d\common\js\jquery-1.11.2.min.js

Filesize
93KB

MD5
5790ead7ad3ba27397aedfa3d263b867

SHA1
8130544c215fe5d1ec081d83461bf4a711e74882

SHA256
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

SHA512
781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e57853d\config\config.js

Filesize
5KB

MD5
34f8eb4ea7d667d961dccfa7cfd8d194

SHA1
80ca002efed52a92daeed1477f40c437a6541a07

SHA256
30c3d0e8bb3620fe243a75a10f23d83436ff4b15acb65f4f016258314581b73d

SHA512
b773b49c0bbd904f9f87b0b488ed38c23fc64b0bdd51ab78375a444ea656d929b3976808e715a62962503b0d579d791f9a21c45a53038ed7ae8263bd63bc0d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\e57853d\config\installparams.js

Filesize
534B

MD5
5341de2e990c85795bcd6f09252f908b

SHA1
b88dd2301853dfcab8b54f45be648b17131e83c6

SHA256
8f93c4023af718e0f8e87d19a8b3e840a88dfb8e329fd8f5eaaa2a5b9bfa219e

SHA512
e0fb846c9bb836c4d3b5c444d9b45b2e489354d55688cb7da710c199a9f8f11491b74d1ff631c38eca633165923a3271c2136040b23a52a8dc6825fffada70ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\e57853d\config\stubparams.js

Filesize
37KB

MD5
91f6304d426d676ec9365c3e1ff249d5

SHA1
05a3456160862fbaf5b4a96aeb43c722e0a148da

SHA256
823f4f8dfe55d3ce894308122d6101fed1b8ef1eb8e93101945836655b2aed1b

SHA512
530f4fad6af5a0e600b037fcd094596652d2e3bf2f6d2ce465aae697ea90a361a0ffcc770c118102a0dd9bf12ab830ac6b459e57a268f435c88c049c127491f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\e57853d\pages\Initialization\page.html

Filesize
2KB

MD5
b23411777957312ec2a28cf8da6bcb4a

SHA1
6dd3bdf8be0abb5cb8bf63a35de95c8304f5e7c7

SHA256
4d0bdf44125e8be91eecaba44c9b965be9b0d2cb8897f3f35e94f2a74912f074

SHA512
e520b4096949a6d7648c197a57f8ce5462adb2cc260ccac712e5b939e7d259f1eee0dfc782959f3ea689befce99cddf38b56a2cc140566870b045114e9b240dc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads