Overview

overview

10

Static

static

3

24f066d9e9...80.exe

windows7-x64

10

24f066d9e9...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 21:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24f066d9e9ab486f3287f36793869289dd461d5c3b1e229034a9b77fd9edf880.exe

  • Size

    204KB

  • MD5

    d5cf9f9aba4bbf387c22c9f25b267294

  • SHA1

    ad7e76eb794cb45bda8d8ff3c35299342844af5c

  • SHA256

    24f066d9e9ab486f3287f36793869289dd461d5c3b1e229034a9b77fd9edf880

  • SHA512

    524f29e9c3762b1ece14980465e29a5122a79f25048a08ddd58420cf2b4fc0a6e161323e1a3660eb3011c3a194ab23a733af59da2f131d75494b63cba8834e1e

  • SSDEEP

    3072:amlW8p0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWqvB:V0O4QxL7B9W0c1RCzR/fSmlXB

Score
10/10
discoveryevasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24f066d9e9ab486f3287f36793869289dd461d5c3b1e229034a9b77fd9edf880.exe
    "C:\Users\Admin\AppData\Local\Temp\24f066d9e9ab486f3287f36793869289dd461d5c3b1e229034a9b77fd9edf880.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1576
    • C:\Users\Admin\zelen.exe
      "C:\Users\Admin\zelen.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\zelen.exe
    Filesize

    204KB

    MD5

    3068f1c93f1f94d4682d24ce05d6e58f

    SHA1

    d262d0126949b96fa0526a1ff4409cc91b8f041e

    SHA256

    77aa37b4e7802fc31fe3122759d049206d794335ca28bba03217b0c0432c8139

    SHA512

    adaeaf3839611a7139b71f791506f4a78aab8ec39b8ee832d43c76c4236b6a0782008bcb58d41daf9dfb6908092e146e77b4961b485c1f873c91a229c12d3fe7

    Download Submit