764ac07dbb5091c6c1d83b67f8f009a0bc1bb7f96db3b3461ad5175c466e0535 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 10:25

Sharing

Report Analysis Logs

General

Target

Zentra 1.0.exe
Size

16.5MB
MD5

3d997e2b7c8426de181f40eae0ef1e82
SHA1

13744398cb732cf973c497e592f93a7a9d5f9510
SHA256

764ac07dbb5091c6c1d83b67f8f009a0bc1bb7f96db3b3461ad5175c466e0535
SHA512

3a22276ae7208d27c6ce96064cd00c46a67a1644f1d80b291154e38880eefaa386fba0df835b2f31ee3a71c03188cf7be1958038cb05a30629d8dc9e4040c9b4
SSDEEP

393216:Ju7L/jpUTLfhJjdQusl7Q+l9RoWOv+9faTwJAd9gvUq:JCLtUTLJRdQu2QGborvSitz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2180	Zentra 1.0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2180	2096	Zentra 1.0.exe	30
PID 2096 wrote to memory of 2180	2096	Zentra 1.0.exe	30
PID 2096 wrote to memory of 2180	2096	Zentra 1.0.exe	30

C:\Users\Admin\AppData\Local\Temp\Zentra 1.0.exe
"C:\Users\Admin\AppData\Local\Temp\Zentra 1.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\Zentra 1.0.exe
  "C:\Users\Admin\AppData\Local\Temp\Zentra 1.0.exe"
  2⤵
  - Loads dropped DLL
  PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20962\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit