Overview

overview

7

Static

static

4

LimitedZ_v...er.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    26s
  • max time network
    28s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240704-en
  • resource tags

    arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05/07/2024, 22:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LimitedZ_v2 Installer.exe

  • Size

    24.9MB

  • MD5

    3917db1d29da0793fc354d53a1e3dadf

  • SHA1

    6d669038e3582e2ff2c29ebff0e572ab50f8fe56

  • SHA256

    4089269ac9c71352202e2906f8faf6e675efe9c40c2d78084970a0284c408811

  • SHA512

    181be6b58aa44e4ba764ee550945aec7981147edad3551cfcff1d6a6bad7de2eac05a8e9a11a22701233e2f18b13835c7fd5dcc6134bcc7f62d7c1dd5e0d0462

  • SSDEEP

    196608:YSilnyM4oz+lgexh7J5M7Lb+lgexhTZtyYH1PaW+lgexhS4e39+lgexhYWnH6TM8:Y9yM+PM3KTTH14heEpnH6fVGQXkq

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 18 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LimitedZ_v2 Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\LimitedZ_v2 Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4336
    • C:\Users\Admin\AppData\Local\Temp\is-0T66J.tmp\LimitedZ_v2 Installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-0T66J.tmp\LimitedZ_v2 Installer.tmp" /SL5="$702EA,22569339,1145856,C:\Users\Admin\AppData\Local\Temp\LimitedZ_v2 Installer.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3152
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Program Files\LVC-Audio\LimitedZ_v2\readme.rtf" /o ""
        3⤵
        • Drops file in Program Files directory
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:2848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\LVC-Audio\LimitedZ_v2\readme.rtf
    Filesize

    33KB

    MD5

    a07cd7485948e79853ca577f8bf13bd3

    SHA1

    458b49c3cab48d2ef3f63b1d96206b16c4c7531d

    SHA256

    ef4b1bad6f9f9ffe13635a6b0621ed34ad1139025f6f70c4a418a6b6ee721c17

    SHA512

    f0e45bbcd4c1f8470d9f759a21a292387e84edce6332377c031df175ad3ea1861995aed4778ede26bf83be1d6309821389e5abef2cffec752612ef09add2f499

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Setup Log 2024-07-05 #001.txt
    Filesize

    8KB

    MD5

    db5ee9b4bf6a53b16c65f90219b7aaa9

    SHA1

    281d066352fd64fb2d1ec8a419fb2fcaa2146659

    SHA256

    0a45f531c79920851d84be90207d0fab29e7cef5065621cea2776675a354aa6e

    SHA512

    80446194ff0d6e5569ec4f437a724b555e6f696655353c006763b43718c596e449a10d3440eac0baafab69697bc54e8131b21a3b62f77e36c21573c67a136cba

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-0T66J.tmp\LimitedZ_v2 Installer.tmp
    Filesize

    3.2MB

    MD5

    1efb48db61a603b7b28b6fb7f7766cba

    SHA1

    c1ecf7b8e5a1e00d86185a9948d20a84ab13c70c

    SHA256

    4877c937915c2e7a4bb33b8f1be4116b800be57d744473fbf545d3bcf642e939

    SHA512

    e279f31ba6655c78f2f43d6c31bb6b4e5e6f663938797ab86d59f7103fa39ab14dc8edea4f79156c4def0763fd274b5aaefb8f673af44e3e0fca0805361c89a0

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize

    354B

    MD5

    e0ab66f6e98073eb0634be11bcaa4851

    SHA1

    ce7d9976fc9dd5c6b797eea94d75dfb1ca5a84d5

    SHA256

    65555cbfab9abadc02a00e6766ccfc7eb694e2aca9a4a9c7fb06905c287aab45

    SHA512

    8a4883dec253201ef902ce4c490e4b0436b86b146256b2aa4eb2f6f389058ef5177ed0faac088bfc0dc843057de94a8a6a63d61efa79173ff02f627b5843f64b

    Download Submit

  • C:\WINDOWS\FONTS\UBUNTU-R.TTF
    Filesize

    345KB

    MD5

    7f0b42d1d6a4d3e646c558185f6711ea

    SHA1

    ef32ba2c56fcb8c6e5a8e7f57985a8be01484524

    SHA256

    52c1afa489ae7bfd893af6cdd9f1af258005703600449e70d338caabcff507e5

    SHA512

    9e50d22b2cb2f241d4f20dbcaccb53034d9eaf5d7a108cc75b635b8f7601c4c6f7f65f90a6b58b789a3114d6fa0071744349bee0f0a9cdb8ecf1d1b5ab48f280

    Download Submit

  • memory/2848-46-0x00007FF826630000-0x00007FF826640000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2848-69-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-48-0x00007FF866643000-0x00007FF866644000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2848-47-0x00007FF826630000-0x00007FF826640000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2848-116-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-45-0x00007FF826630000-0x00007FF826640000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2848-50-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-49-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-51-0x00007FF826630000-0x00007FF826640000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2848-54-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-56-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-55-0x00007FF8242F0000-0x00007FF824300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2848-53-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-52-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-58-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-67-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-68-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-44-0x00007FF826630000-0x00007FF826640000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2848-114-0x00007FF826630000-0x00007FF826640000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2848-70-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-74-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-115-0x00007FF826630000-0x00007FF826640000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2848-113-0x00007FF826630000-0x00007FF826640000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2848-112-0x00007FF826630000-0x00007FF826640000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2848-59-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-61-0x00007FF8665A0000-0x00007FF8667A9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-60-0x00007FF8242F0000-0x00007FF824300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3152-6-0x0000000000400000-0x0000000000747000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3152-9-0x0000000000400000-0x0000000000747000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3152-73-0x0000000000400000-0x0000000000747000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4336-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/4336-77-0x0000000000400000-0x0000000000525000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4336-8-0x0000000000400000-0x0000000000525000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4336-1-0x0000000000400000-0x0000000000525000-memory.dmp

    Filesize

    1.1MB

    Download