General

  • Target

    ziv_2023.exe

  • Size

    16.3MB

  • Sample

    240824-3qxdzaxhnm

  • MD5

    9d5e30fb8aca2302ed39eb3361744904

  • SHA1

    d96a2ceb8e800a403a5dff59e39e31c39979d887

  • SHA256

    70a22dd03bb42970c17824e50e6c9a26d337d0241242b98f9f61462a1707f878

  • SHA512

    4bb49325fbadddb1779b91d0aafc755195e202d7a4dbdd6ae1a5a17dfdf798ff91828eee2a24450036b508d9d50db80cfc4695c8db6a330342782445a813ade1

  • SSDEEP

    393216:JinXoakgCRwnAWOmB1Iecpai7mKJiTzP7gQug07Mhm/XK:J+YuCRwn1OOxgmKJIXgF72m/K

Targets

    • Target

      ziv_2023.exe

    • Checks BIOS information in registry

      Firmware strings stored in the registry (system manufacturer, product name, BIOS vendor) are commonly read to detect virtualization or sandbox environments, whose vendor names appear in those values.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to or away from particular countries.

    • Deletes itself

      The original binary removes itself after running, which hinders recovery from an infected host; analysis should work from the submitted sample.

    • Drops file in System32 directory

      Writing into System32 indicates the sample ran with sufficient privileges or targeted one of the few user-writable subdirectories there.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. In practice this usually means registering a server path for a CLSID under the user-writable HKCU\Software\Classes hive, which takes precedence over the matching HKLM\Software\Classes entry when a legitimate process loads that object, so no elevation is required.
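
      The three registry-based behaviours above (BIOS check, country lookup, COM hijack write) are the kind of thing a triage script can pick out of registry-monitor output. The following is an added example, not part of this report or of the sandbox's own detection logic: it scans constructed event lines in a simplified "operation|process|key|value_name" form and flags matches. The key paths it keys on are well-known Windows locations that these signature families commonly use; they are assumptions here, not details taken from the report, and the CLSID in the sample data is a placeholder.

```python
import re
from dataclasses import dataclass
from typing import Iterable

# Constructed sample events (NOT from the report), in a simplified
# "operation|process|key|value_name" form modelled on registry-monitor logs.
# The CLSID is a placeholder GUID; the last line is benign noise.
SAMPLE_EVENTS = [
    r"RegQueryValue|ziv_2023.exe|HKLM\HARDWARE\DESCRIPTION\System\BIOS|SystemManufacturer",
    r"RegQueryValue|ziv_2023.exe|HKLM\HARDWARE\DESCRIPTION\System\BIOS|SystemProductName",
    r"RegQueryValue|ziv_2023.exe|HKCU\Control Panel\International\Geo|Nation",
    r"RegSetValue|ziv_2023.exe|HKCU\Software\Classes\CLSID\{01234567-89ab-cdef-0123-456789abcdef}\InprocServer32|(Default)",
    r"RegQueryValue|explorer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer|ShellState",
]


@dataclass(frozen=True)
class Hit:
    rule: str
    process: str
    key: str
    value_name: str


# Each rule: (operation, key regex, value-name regex).  The key paths are
# assumptions about what these signature families are keyed on, based on
# well-known Windows locations, not details taken from this report.
RULES = {
    # Hypervisor / sandbox vendor names (VMware, VirtualBox, QEMU, Xen, ...)
    # show up in the firmware strings under this key.
    "bios_sandbox_check": (
        "RegQueryValue",
        re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS$", re.I),
        re.compile(r"^(SystemManufacturer|SystemProductName|BIOSVendor|BIOSVersion)$", re.I),
    ),
    # GeoID of the configured country; a common geofence input.
    "geo_nation_lookup": (
        "RegQueryValue",
        re.compile(r"^HKCU\\Control Panel\\International\\Geo$", re.I),
        re.compile(r"^Nation$", re.I),
    ),
    # A server path written under the user's CLSID hive shadows the HKLM
    # entry for the same CLSID without admin rights: the core of T1546.015.
    "com_hijack_write": (
        "RegSetValue",
        re.compile(r"^HKCU\\Software\\Classes\\CLSID\\\{[0-9a-f-]{36}\}\\(InprocServer32|LocalServer32)$", re.I),
        re.compile(r".*"),
    ),
}


def parse_event(line: str):
    """Split one event line into (operation, process, key, value_name); None if malformed."""
    parts = line.split("|", 3)
    if len(parts) != 4:
        return None
    return tuple(p.strip() for p in parts)


def scan(lines: Iterable[str]) -> list[Hit]:
    """Return one Hit per (rule, event) match over the given event lines."""
    hits: list[Hit] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        op, proc, key, value_name = ev
        for name, (want_op, key_re, val_re) in RULES.items():
            if op == want_op and key_re.search(key) and val_re.search(value_name):
                hits.append(Hit(name, proc, key, value_name))
    return hits


def summarize(hits: list[Hit]) -> dict[str, int]:
    """Count hits per rule; a single process tripping all three rules is worth a closer look."""
    counts: dict[str, int] = {}
    for h in hits:
        counts[h.rule] = counts.get(h.rule, 0) + 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for h in found:
        print(f"{h.rule:20} {h.process:14} {h.key}\\{h.value_name}")
    print(summarize(found))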

MITRE ATT&CK Enterprise v15