3dcac7b514a388b43598fb397cfac6f6fe1bf635218c6c43181c8bfd420e3dab

Analysis

max time kernel
170s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3dcac7b514a388b43598fb397cfac6f6fe1bf635218c6c43181c8bfd420e3dab.exe
Size

260KB
MD5

47675bc329e91931c39283a228588510
SHA1

6da5a33315708ef4d400ae67b5c94e8cb763cff4
SHA256

3dcac7b514a388b43598fb397cfac6f6fe1bf635218c6c43181c8bfd420e3dab
SHA512

d4ae8dec1618871e8e89e08406935526c799a1d7d3eaff4171221152d670742e973aa6f47d7663bbdc706efd32d57683e48ca35e77f8a276aa14779b54e4f6ef
SSDEEP

6144:CDJVazMKV31FdaQvXluxqU+A/0y+nt75voqQEnHv0CxN8H9Rf:CDJM/bXntAh+nhZoqQEHvVIzf

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3836	znblaln.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\znblaln.exe	3dcac7b514a388b43598fb397cfac6f6fe1bf635218c6c43181c8bfd420e3dab.exe
File created	C:\PROGRA~3\Mozilla\czmmuxc.dll	znblaln.exe

C:\Users\Admin\AppData\Local\Temp\3dcac7b514a388b43598fb397cfac6f6fe1bf635218c6c43181c8bfd420e3dab.exe
"C:\Users\Admin\AppData\Local\Temp\3dcac7b514a388b43598fb397cfac6f6fe1bf635218c6c43181c8bfd420e3dab.exe"
1⤵
- Drops file in Program Files directory
PID:3844

C:\PROGRA~3\Mozilla\znblaln.exe
C:\PROGRA~3\Mozilla\znblaln.exe -irlyaih
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3836

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\znblaln.exe

Filesize
260KB

MD5
5769d9e2b036a2bb825bfcaaedf983ad

SHA1
efd3b326508b6dffb77eab13ca05ba47972bae7a

SHA256
ffc218ac6b12992f27ef6704e8be366a4a027ab164c648c90dc4def513991278

SHA512
2ecc782523a0af8aeeb39a51bf4f982e352576db6619b4c9a0e52ee19bf81671de3595548898c15118ec73f86413b50b62b4ef56921e19fd223849b5eeb2cd02

Download Submit
C:\ProgramData\Mozilla\znblaln.exe

Filesize
260KB

MD5
5769d9e2b036a2bb825bfcaaedf983ad

SHA1
efd3b326508b6dffb77eab13ca05ba47972bae7a

SHA256
ffc218ac6b12992f27ef6704e8be366a4a027ab164c648c90dc4def513991278

SHA512
2ecc782523a0af8aeeb39a51bf4f982e352576db6619b4c9a0e52ee19bf81671de3595548898c15118ec73f86413b50b62b4ef56921e19fd223849b5eeb2cd02

Download Submit
memory/3836-140-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3836-141-0x0000000000570000-0x00000000005CB000-memory.dmp

Filesize
364KB

Download
memory/3844-132-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3844-133-0x0000000000560000-0x00000000005BB000-memory.dmp

Filesize
364KB

Download