Overview

overview

3

Static

static

3

ZoraraVVVER2.8.zip

windows11-21h2-x64

1

ZoraraUI.deps.json

windows11-21h2-x64

3

ZoraraUI.r...g.json

windows11-21h2-x64

3

bin/Monaco...in.css

windows11-21h2-x64

3

settings.txt

windows11-21h2-x64

3

workspace/...le.txt

windows11-21h2-x64

3

workspace/...et.txt

windows11-21h2-x64

3

workspace/...le.txt

windows11-21h2-x64

3

workspace/..._1.txt

windows11-21h2-x64

3

workspace/..._2.txt

windows11-21h2-x64

3

workspace/...le.txt

windows11-21h2-x64

3

workspace/...le.txt

windows11-21h2-x64

3

workspace/...tefile

windows11-21h2-x64

1

workspace/...le.txt

windows11-21h2-x64

3

workspace/...29.txt

windows11-21h2-x64

3

workspace/...22.lua

windows11-21h2-x64

3

workspace/...ed.txt

windows11-21h2-x64

3

workspace/...le.txt

windows11-21h2-x64

3

workspace/...le.txt

windows11-21h2-x64

3

workspace/...es.txt

windows11-21h2-x64

3

workspace/...t.json

windows11-21h2-x64

3

workspace/...em.png

windows11-21h2-x64

3

workspace/...n1.png

windows11-21h2-x64

3

workspace/...on.png

windows11-21h2-x64

3

workspace/...nd.png

windows11-21h2-x64

3

workspace/...on.png

windows11-21h2-x64

3

workspace/...st.png

windows11-21h2-x64

3

workspace/...r1.png

windows11-21h2-x64

3

workspace/...on.png

windows11-21h2-x64

3

workspace/...on.png

windows11-21h2-x64

3

xxhash.dll

windows11-21h2-x64

1

zstd.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    95s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28/09/2024, 03:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bin/Monaco/vs/editor/editor.main.css

  • Size

    294KB

  • MD5

    23c7db6e12f6454ef6e7fb98d17924d8

  • SHA1

    06398b44a338db5eeab2d461347334fc69af5af1

  • SHA256

    615824c59ed1e07f5924286e9f02f3120b9064d59e115d3f668a914e07839451

  • SHA512

    5ed3103e4f6640ca71e103e7f3752aca3027d8c563084d519f9d6358018ccdfacd0c4c08b69e510f88effa2b56dce04241ee7f92f3db99d9077b49ed7271d924

  • SSDEEP

    6144:TzsUTrsZ7KcNkuwcv2As0aMY/Y/RR9MtpWKco:TzsUTrsZXkW4/50i

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\bin\Monaco\vs\editor\editor.main.css
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\bin\Monaco\vs\editor\editor.main.css
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:4908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.