35af60954ccabfc4d93266181406082da32d9dc1f9c6df9ac099669788ba2c74

Analysis

max time kernel
123s
max time network
225s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35af60954ccabfc4d93266181406082da32d9dc1f9c6df9ac099669788ba2c74.exe
Size

143KB
MD5

3003de43dd352120a39728c6e532e370
SHA1

492ea9cd135f6d2448829ab9b200917b048315c9
SHA256

35af60954ccabfc4d93266181406082da32d9dc1f9c6df9ac099669788ba2c74
SHA512

1b7d370f634cc1de6a31a422f713391099ec9ec9295f5150012b26b0d9bad78d1f128fc4dcffce40042bcc9af462a21b954d67ae5ea7cdcb7f12c0e299163042
SSDEEP

3072:VvlGJJc6bR/fuF0IGcceUnriXHTGnu3vyiX1X7F:VkJc6tnuF0ITceUrNuRXB

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
408	znblaln.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\znblaln.exe	35af60954ccabfc4d93266181406082da32d9dc1f9c6df9ac099669788ba2c74.exe
File created	C:\PROGRA~3\Mozilla\czmmuxc.dll	znblaln.exe

C:\Users\Admin\AppData\Local\Temp\35af60954ccabfc4d93266181406082da32d9dc1f9c6df9ac099669788ba2c74.exe
"C:\Users\Admin\AppData\Local\Temp\35af60954ccabfc4d93266181406082da32d9dc1f9c6df9ac099669788ba2c74.exe"
1⤵
- Drops file in Program Files directory
PID:5036

C:\PROGRA~3\Mozilla\znblaln.exe
C:\PROGRA~3\Mozilla\znblaln.exe -irlyaih
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:408

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\znblaln.exe

Filesize
143KB

MD5
9594decdcb6edcfab54fd664418bc097

SHA1
3441f9efe210d4050b4761a3a81a747652e630f0

SHA256
28861e77025c79ef6e60ea10e5e20e3820e6dcf5f2d8e09f3edfd6014b39b707

SHA512
cee46cac93c4f23ca5cb939b43873366fc7840a81caa231d92fa952fac7685bc8209b223193585915b163eb235f87227d163b7695656b27b3fa99319b433f23d

Download Submit
C:\ProgramData\Mozilla\znblaln.exe

Filesize
143KB

MD5
9594decdcb6edcfab54fd664418bc097

SHA1
3441f9efe210d4050b4761a3a81a747652e630f0

SHA256
28861e77025c79ef6e60ea10e5e20e3820e6dcf5f2d8e09f3edfd6014b39b707

SHA512
cee46cac93c4f23ca5cb939b43873366fc7840a81caa231d92fa952fac7685bc8209b223193585915b163eb235f87227d163b7695656b27b3fa99319b433f23d

Download Submit
memory/408-143-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/408-144-0x0000000000D30000-0x0000000000D8B000-memory.dmp

Filesize
364KB

Download
memory/408-149-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/5036-135-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/5036-136-0x0000000002160000-0x00000000021BB000-memory.dmp

Filesize
364KB

Download