596c6a4ff26f73f3b2a5d145261bb90ada2aaf0fe33442592064e9b5ca095a31

Analysis

max time kernel
75s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

596c6a4ff26f73f3b2a5d145261bb90ada2aaf0fe33442592064e9b5ca095a31.exe
Size

125KB
MD5

6b57a3063aa9a6181b864a80d34df600
SHA1

727492182f4f101a6001df632f90b3ddbbbbe8de
SHA256

596c6a4ff26f73f3b2a5d145261bb90ada2aaf0fe33442592064e9b5ca095a31
SHA512

77b6d8238ff0bb15ff7a0da959f718d73cfa8e90fff60f53525806537eb35241081b8474ede3e459f7d42ff6c29a6023c2f08a00b26843f108fc54a644741453
SSDEEP

1536:S6y4iBGThiggyqSgPI8K1hbEOac4tjXFraZ71Oh8CA5QrcVmBB/AffvBFH0zHSbs:SGThiabgPIjPbEACVa7eLr9B+e8s

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3740	znblaln.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\znblaln.exe	596c6a4ff26f73f3b2a5d145261bb90ada2aaf0fe33442592064e9b5ca095a31.exe
File created	C:\PROGRA~3\Mozilla\czmmuxc.dll	znblaln.exe

C:\Users\Admin\AppData\Local\Temp\596c6a4ff26f73f3b2a5d145261bb90ada2aaf0fe33442592064e9b5ca095a31.exe
"C:\Users\Admin\AppData\Local\Temp\596c6a4ff26f73f3b2a5d145261bb90ada2aaf0fe33442592064e9b5ca095a31.exe"
1⤵
- Drops file in Program Files directory
PID:3408

C:\PROGRA~3\Mozilla\znblaln.exe
C:\PROGRA~3\Mozilla\znblaln.exe -irlyaih
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3740

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\znblaln.exe

Filesize
125KB

MD5
9bf0bb89bd9f88a428fe1756414b91f9

SHA1
81c5376b16293c75bf5795894ef059e527c030a9

SHA256
ffd9c762947e88d72b2bd4bf9eb7bddd94185bc7451c54e8ee6c7055acc039f3

SHA512
b084dac6857b34b874ed90d78239e8d1f7114ab2102faeab5fbb6dbd56e1744418da4a0abe22a01b75c39bb183d7793dffbeee873d9640f7016b57500961db79

Download Submit
C:\ProgramData\Mozilla\znblaln.exe

Filesize
125KB

MD5
9bf0bb89bd9f88a428fe1756414b91f9

SHA1
81c5376b16293c75bf5795894ef059e527c030a9

SHA256
ffd9c762947e88d72b2bd4bf9eb7bddd94185bc7451c54e8ee6c7055acc039f3

SHA512
b084dac6857b34b874ed90d78239e8d1f7114ab2102faeab5fbb6dbd56e1744418da4a0abe22a01b75c39bb183d7793dffbeee873d9640f7016b57500961db79

Download Submit
memory/3408-132-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3408-133-0x00000000025B0000-0x000000000260B000-memory.dmp

Filesize
364KB

Download
memory/3740-140-0x0000000000E20000-0x0000000000E7B000-memory.dmp

Filesize
364KB

Download
memory/3740-145-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download