e79f3e71c21771fb490187e3332f86722ea5dc97c51e931b6a8880555d3578db

Analysis

max time kernel
104s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e79f3e71c21771fb490187e3332f86722ea5dc97c51e931b6a8880555d3578db.exe
Size

188KB
MD5

5adb4b70dbb81b917f9e94fd01cb9350
SHA1

dafe1575f5d20e1c13e4d3ed1e6fe9e7a5453f55
SHA256

e79f3e71c21771fb490187e3332f86722ea5dc97c51e931b6a8880555d3578db
SHA512

37a2f0cb9dd1c8d1671af951bcc89f97585678bc6e04eb0588aa8c76f98561d8702afd1d0de2f7e2a1abe81d2b03a19a8ccdb703656f5321c377a6b0e91cb1de
SSDEEP

3072:g7KEcx/PGumsUbjdor/7BS4e9rPSFgLccpFQSZK+IyrfY2Nmo3bb0sBF:gGt/hU1YjBS4A7SqRhjrfYozLb0s/

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
216	znblaln.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\znblaln.exe	e79f3e71c21771fb490187e3332f86722ea5dc97c51e931b6a8880555d3578db.exe
File created	C:\PROGRA~3\Mozilla\czmmuxc.dll	znblaln.exe

C:\Users\Admin\AppData\Local\Temp\e79f3e71c21771fb490187e3332f86722ea5dc97c51e931b6a8880555d3578db.exe
"C:\Users\Admin\AppData\Local\Temp\e79f3e71c21771fb490187e3332f86722ea5dc97c51e931b6a8880555d3578db.exe"
1⤵
- Drops file in Program Files directory
PID:2844

C:\PROGRA~3\Mozilla\znblaln.exe
C:\PROGRA~3\Mozilla\znblaln.exe -irlyaih
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:216

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\znblaln.exe

Filesize
188KB

MD5
09dcdca59d98b262ec4dc42f6ddc4168

SHA1
dfa06e1d99301b6a115ae1a63ca53f4a756d24e2

SHA256
d9ee7e4a163b61d38c70a686fb4d7c1a5c5b81dec805af260ecd37bd3a293528

SHA512
92dea6b403b9000e2c039c4612eb14c506fc9d8289158d9bbae9064c62e71a78c6b3611962b4f85fe77789f6799f51f365d6dc340e284c2137cf9a10184aad2b

Download Submit
C:\ProgramData\Mozilla\znblaln.exe

Filesize
188KB

MD5
09dcdca59d98b262ec4dc42f6ddc4168

SHA1
dfa06e1d99301b6a115ae1a63ca53f4a756d24e2

SHA256
d9ee7e4a163b61d38c70a686fb4d7c1a5c5b81dec805af260ecd37bd3a293528

SHA512
92dea6b403b9000e2c039c4612eb14c506fc9d8289158d9bbae9064c62e71a78c6b3611962b4f85fe77789f6799f51f365d6dc340e284c2137cf9a10184aad2b

Download Submit
memory/216-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/216-141-0x0000000000C10000-0x0000000000C6B000-memory.dmp

Filesize
364KB

Download
memory/2844-132-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2844-133-0x0000000000590000-0x00000000005EB000-memory.dmp

Filesize
364KB

Download