Overview
Static: score 10
WezoAutoUP.exe (windows7-x64): score 7
WezoAutoUP.exe (windows10-2004-x64): score 7
culclientUp.exe (windows7-x64): score 7
culclientUp.exe (windows10-2004-x64): score 7
software.exe (windows7-x64): score 7
software.exe (windows10-2004-x64): score 10
vncDbnt.exe (windows7-x64): score 10
vncDbnt.exe (windows10-2004-x64): score 8
wzoptup.exe (windows7-x64): score 8
wzoptup.exe (windows10-2004-x64): score 7
Analysis (score 7)
max time kernel: 118s
max time network: 125s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
submitted: 06-07-2024 00:56
Behavioral tasks
task          sample            resource
behavioral1   WezoAutoUP.exe    win7-20240705-en
behavioral2   WezoAutoUP.exe    win10v2004-20240704-en
behavioral3   culclientUp.exe   win7-20240704-en
behavioral4   culclientUp.exe   win10v2004-20240704-en
behavioral5   software.exe      win7-20240705-en
behavioral6   software.exe      win10v2004-20240704-en
behavioral7   vncDbnt.exe       win7-20240508-en
behavioral8   vncDbnt.exe       win10v2004-20240704-en
behavioral9   wzoptup.exe       win7-20240705-en
behavioral10  wzoptup.exe       win10v2004-20240704-en
General
Target: culclientUp.exe
Size: 329KB
MD5: 915b7366ba2e87a3f5a6810903cbc38a
SHA1: 0d8fe32290ad5294cc6770daf316114e8cbcc60f
SHA256: f6c833657a31e9f8fc136f74aa251d428a6d2ee7bcc6fb74c00ba4f44e902edd
SHA512: a6981d6a94ada77245eaeefdb577055e36f1465d400bbcbae064723dd3a3e7f37495926d45a4227e31631b87b513446901e7e48fa75a97823ff1eef681b7ce08
SSDEEP: 6144:u68oipnnK9jqXEX52Ums+Tbxzbx9SmIqQyPodMUf8Dkzel6R8zHe1IBG:OfnnK9zABs+TbFx9SXOPCf8DkqAR8zHu
Malware Config
Signatures
Processes:
resource                                                                    yara_rule
behavioral3/memory/2308-0-0x0000000000400000-0x00000000004D0000-memory.dmp  upx
behavioral3/memory/2308-1-0x0000000000400000-0x00000000004D0000-memory.dmp  upx
Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
description: File opened (read-only); process: culclientUp.exe
ioc (23 drive roots): \??\v: \??\l: \??\m: \??\n: \??\p: \??\t: \??\u: \??\z: \??\h: \??\j: \??\k: \??\q: \??\r: \??\x: \??\e: \??\g: \??\s: \??\a: \??\b: \??\i: \??\o: \??\w: \??\y:
AutoIT Executable (1 IoCs)
AutoIT scripts compiled to PE executables.
Processes:
resource                                                                    yara_rule
behavioral3/memory/2308-1-0x0000000000400000-0x00000000004D0000-memory.dmp  autoit_exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).