Overview

overview

8

Static

static

6e8b99b966...be.exe

windows7-x64

8

6e8b99b966...be.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2022, 13:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e8b99b966a23404a1b523aaf4b0e1af2266e71f283e9935a1e8e44b08e011be.exe

  • Size

    450KB

  • MD5

    6681da01f2df49955afa33052c2beb90

  • SHA1

    ac7c5d7e6be1a16988765d4c1fa0d9538aa56f5f

  • SHA256

    6e8b99b966a23404a1b523aaf4b0e1af2266e71f283e9935a1e8e44b08e011be

  • SHA512

    e9e2ad3b1eea1381b426125d8671fe197f783ccdc7640cf3e33a43b92664284fe62335d7a6351251f7afcafcf7b506392bf8ee5f943e90b3fb9ac2f02f138cb5

  • SSDEEP

    6144:h0bR1+5SNtuCmdAcJDpo6FPPtVkMcmd3q4U1U8Kx7HRC68d8N3hvXEP8j0foHSAm:21iSNkjo6dHkM7dTd7g5dtPG6ia5R

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e8b99b966a23404a1b523aaf4b0e1af2266e71f283e9935a1e8e44b08e011be.exe
    "C:\Users\Admin\AppData\Local\Temp\6e8b99b966a23404a1b523aaf4b0e1af2266e71f283e9935a1e8e44b08e011be.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4968
  • C:\PROGRA~3\Mozilla\znblaln.exe
    C:\PROGRA~3\Mozilla\znblaln.exe -irlyaih
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:4220

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\znblaln.exe
    Filesize

    450KB

    MD5

    36ae99173be3592effff2c3a3d24a4c6

    SHA1

    b0290b49df38ef7029f77e89d59c45e9c2a86723

    SHA256

    d8e44551dbd208ecb6704a5544b9bb0521f1628f2a9273343cb33cb8f417271a

    SHA512

    6c108f249c0e8a3a63c449c1d723fbef366f41b90339442f9c5a4a5c904b78bf6acc07c4e9a917396eed6d9ffa2b7bec1c7fcd33609f8510d40b25d366b1d260

    Download Submit

  • C:\ProgramData\Mozilla\znblaln.exe
    Filesize

    450KB

    MD5

    36ae99173be3592effff2c3a3d24a4c6

    SHA1

    b0290b49df38ef7029f77e89d59c45e9c2a86723

    SHA256

    d8e44551dbd208ecb6704a5544b9bb0521f1628f2a9273343cb33cb8f417271a

    SHA512

    6c108f249c0e8a3a63c449c1d723fbef366f41b90339442f9c5a4a5c904b78bf6acc07c4e9a917396eed6d9ffa2b7bec1c7fcd33609f8510d40b25d366b1d260

    Download Submit

  • memory/4220-138-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4220-139-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4968-132-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4968-133-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download