Overview

overview

3

Static

static

1

zbxl.zip

windows7-x64

1

zbxl.zip

windows10-2004-x64

3

Analysis

  • max time kernel
    279s
  • max time network
    281s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-10-2024 21:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zbxl.zip

  • Size

    43.8MB

  • MD5

    da596c5fa1bfe53dc6ef777e810c2e7d

  • SHA1

    dc756fddd264eaadcc0c8e8576d11259bbe1c150

  • SHA256

    eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744

  • SHA512

    bb7a10c4d9decee9687dfba5987939d1f55c3966bd80d06103d4bde6f61df3957d89392ac185b96ac668bc794193319dad33e34dde199df91eb2981e7e5f9fc3

  • SSDEEP

    196608:rAA/coo9ZmMOfGI0QIdgCUlo1JKq5LJ2q82M/nSk827:rAHX9DQGI0Q321tr82MPl

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 39 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\zbxl.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3460
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2816
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\zbxl\" -ad -an -ai#7zMap32093:88:7zEvent30435
      1⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3284
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
      1⤵
      • System Location Discovery: System Language Discovery
      PID:1708
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:1516
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault86f3724fh6155h4790h9bd4hea03e383f906
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3484
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe592146f8,0x7ffe59214708,0x7ffe59214718
        2⤵
          PID:1484
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7526891844567066967,16732420501687862592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
          2⤵
            PID:3868
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7526891844567066967,16732420501687862592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2888
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7526891844567066967,16732420501687862592,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
            2⤵
              PID:4124
          • C:\Windows\System32\CompPkgSrv.exe
            C:\Windows\System32\CompPkgSrv.exe -Embedding
            1⤵
              PID:3304
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:2152
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault33eba541h4069h4e28hb7d4h838cd89f5fc3
                1⤵
                  PID:412
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe592146f8,0x7ffe59214708,0x7ffe59214718
                    2⤵
                      PID:1736
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10199202783464992561,8615056875993432663,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
                      2⤵
                        PID:2520
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10199202783464992561,8615056875993432663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2680
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10199202783464992561,8615056875993432663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
                        2⤵
                          PID:4580
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1532
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3544

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            7de1bbdc1f9cf1a58ae1de4951ce8cb9

                            SHA1

                            010da169e15457c25bd80ef02d76a940c1210301

                            SHA256

                            6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                            SHA512

                            e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            85ba073d7015b6ce7da19235a275f6da

                            SHA1

                            a23c8c2125e45a0788bac14423ae1f3eab92cf00

                            SHA256

                            5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                            SHA512

                            eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
                            Filesize

                            331B

                            MD5

                            858315901a150e003b23ce7ee9b429c8

                            SHA1

                            8907e593dcb24b795a98244c5b9ac8ad14a67777

                            SHA256

                            cb1d09adbe98fc72b812f33dced20660cd6b1718f76c3e33c377301fd6be2fdc

                            SHA512

                            a58d4c45a5976aba02296fe0c31cfed6f0434723f3d723a3bb48de93e317f50491a6a2d5bbda818688f098d9ae0dbd6f4bccc45a04abff49ba1a8857cd5d8de8

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            1d86fbb296ce5c018545c846c1e0d1e1

                            SHA1

                            586949c4b65b15898c6d84feb1513221fb43a190

                            SHA256

                            0536dd3d3daeaa13a9c269fbb719ad2d83afb95a2a3193bdbd1087bf599c5a27

                            SHA512

                            42d7cf5bbfe5bc5d42c5a5a9dd3208a4c31252352b6ed6fbaa6941798965ec2e095793dacde1db28bec66d0bf4984015fafe004c6f9cfd6ab2bdb7b7b97c9fdf

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                            Filesize

                            347B

                            MD5

                            59c9d60d2b19a867725b97d3b4184839

                            SHA1

                            d0238eafef96b2fdcc9918acd069abb47888cfaa

                            SHA256

                            4c897c892f9d79adadab42f7ffcacf88294f548ec6627cc1b3db213b7206219b

                            SHA512

                            7107a76c9183feb288dc1bd5c33eabd943ea772a2a9614bd87d99923309e684307efbc8242e3abbaeeebd0d4d88ac6848b4bdbdc417c4e06a23c9b131249bdd2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                            Filesize

                            323B

                            MD5

                            370eb2519e5b9e7fc6319640d5839e1e

                            SHA1

                            ca824c466c4a36b6df8dc2b7bb830b35a2f02e03

                            SHA256

                            4e7d30a773749f724104c509ba86c291abcd9a978a028f605ed9dac9fdd9d066

                            SHA512

                            e08381f88bc47f76d049f4f2e91430227e38984d6f212ca84edb44c615000c0c33b057ba374faecbda43261480eab57712818ea3cdc2be1a7e3fe4378661bd9e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                            Filesize

                            11B

                            MD5

                            838a7b32aefb618130392bc7d006aa2e

                            SHA1

                            5159e0f18c9e68f0e75e2239875aa994847b8290

                            SHA256

                            ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                            SHA512

                            9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            8KB

                            MD5

                            eec96ba18b61bc5a0b6116abbd1626fb

                            SHA1

                            f50e8ef8b1918f6acf5fd4c7f47b869764eb5179

                            SHA256

                            db9e1c2a739625a560d438da5444c06b92b13604a82f5de1598527870eaa87d2

                            SHA512

                            8fc74fb40dbf48c387c9956d7b702e2ecf962a2da8102e41455d66f9b699ea06706f843663e4f685e3b40bcaf0e23a70100fefde51d3327111fb431975b3b1e8

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                            Filesize

                            264KB

                            MD5

                            f50f89a0a91564d0b8a211f8921aa7de

                            SHA1

                            112403a17dd69d5b9018b8cede023cb3b54eab7d

                            SHA256

                            b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                            SHA512

                            bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                            Download Submit