1e60513b4ee71a15d21c32ca13e163733eaff9a7dadf2eb989320548a4c13b78

Analysis

max time kernel
124s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ZoraraUI.exe.WebView2/EBWebView/Default/Cache/Cache_Data/f_000001.gz
Size

170KB
MD5

d9d5de59488c160ec82077a175384aff
SHA1

0d3b0b2ad7636793e06406682dba49fc043000b7
SHA256

d50aeef84ae7e3685863249d28f6322e952792940fc5c851d921c9836332dab9
SHA512

daa64356473dc7143a864aa77895fd7258d61a5e4b6316fa4b4a258b18e20ef3805feed596fffd73dd7eb7e23522f097b5ba68ff705928c761aa20c38c08f3f2
SSDEEP

3072:TAdbCxeQJhYeIh+NXmqdFa+rzFu/UBILrcTypuQpBMBpB6AclI6Wy826:TA5CrYt8xmOFzAU8puQpBM1GUj

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
836	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ZoraraUI.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000001.gz
1⤵
- Modifies registry class
PID:4812

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1012,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
1⤵
PID:1432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads