478fc3ddaaa253dc2c817d32ec61afcaad26c39c2fd13a3800bbb2320c65a18a

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2024 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AkynGuNOxW.zip
Size

13.9MB
MD5

2b1ce866e0a5cca9d1d996f0aecf8cb2
SHA1

54926806f2c9c96d5c0ecf7eb0c70101bb4c4312
SHA256

478fc3ddaaa253dc2c817d32ec61afcaad26c39c2fd13a3800bbb2320c65a18a
SHA512

5d9ee18ec38022af993a5bcccd1452aedae57244e3cd68d9d2051c7b3b53614567b9ce075e778937f231394f5a3d2eb4eca050c7bdd7f0aebd035009bacada94
SSDEEP

393216:fkspUfT02n3y9QSdVUAcX/LznJ4DQL5LE1ubvIu5Z+mVXu+5r92hruZ:fbpUfTrAGjLzSDYw1gIau+N9x

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3820	7zFM.exe
1844	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	3820	7zFM.exe
Token: 35	3820	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3820	7zFM.exe

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
728	BetterZoraraUI.exe
3052	BetterZoraraUI.exe
4440	BetterZoraraUI.exe
4348	BetterZoraraUI.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
1844	OpenWith.exe
3108	BetterZoraraUI.exe
2544	BetterZoraraUI.exe
4316	BetterZoraraUI.exe
4400	BetterZoraraUI.exe
812	BetterZoraraUI.exe
4868	BetterZoraraUI.exe
5012	BetterZoraraUI.exe
2832	BetterZoraraUI.exe
3236	BetterZoraraUI.exe
3260	BetterZoraraUI.exe
2440	BetterZoraraUI.exe
3096	BetterZoraraUI.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 2276	1844	OpenWith.exe	110
PID 1844 wrote to memory of 2276	1844	OpenWith.exe	110

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\AkynGuNOxW.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3820

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1400

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:728

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4440

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4348

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\AkynGuNOxW\scripts\os dos.lua
  2⤵
  PID:2276

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3108

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4316

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4400

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:812

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4868

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5012

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3236

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3260

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe
"C:\Users\Admin\Desktop\AkynGuNOxW\BetterZoraraUI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3096

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads