c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066

Analysis

max time kernel
144s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2022 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066.exe
Size

131KB
MD5

60f84ed9b140e85faf127a8ca438043d
SHA1

f19b6d1025c811acb8854296934ce6b050fb6af9
SHA256

c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066
SHA512

ea9d98aeca0c57d5e4e826b9df2735464630ddc01c477d48fb5225d7f008b8dd39075e8838d0aa3dada93c70244b383849d1b239d58c1c84eed1522d9f8fc8ec
SSDEEP

3072:1jxhM3kZOI2/Fs+fYLl288tOfk2MFVuIQ0DYpwm:Fxh9XRXLl2KfDWuIQ0Mpwm

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3728	znblaln.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\znblaln.exe	c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066.exe
File created	C:\PROGRA~3\Mozilla\czmmuxc.dll	znblaln.exe

C:\Users\Admin\AppData\Local\Temp\c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066.exe
"C:\Users\Admin\AppData\Local\Temp\c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066.exe"
1⤵
- Drops file in Program Files directory
PID:4204

C:\PROGRA~3\Mozilla\znblaln.exe
C:\PROGRA~3\Mozilla\znblaln.exe -irlyaih
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3728

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\znblaln.exe

Filesize
131KB

MD5
7f76bf698d4c29f0a1d2758efd6a1681

SHA1
0e66d623bb117705301b3272b0bf76844a325a2f

SHA256
eaaf5e0218f483dcd67981931bf40ab22bceb2eb761a076827fd5c30777f7908

SHA512
7a87d45f7639c2b4a5005c07fd1124975806adfd9a06b4415057777834231fc37f0202c5690071adfff7efe94d059d505abe58c4bf14a96d594a83250dca2bc2

Download Submit
C:\ProgramData\Mozilla\znblaln.exe

Filesize
131KB

MD5
7f76bf698d4c29f0a1d2758efd6a1681

SHA1
0e66d623bb117705301b3272b0bf76844a325a2f

SHA256
eaaf5e0218f483dcd67981931bf40ab22bceb2eb761a076827fd5c30777f7908

SHA512
7a87d45f7639c2b4a5005c07fd1124975806adfd9a06b4415057777834231fc37f0202c5690071adfff7efe94d059d505abe58c4bf14a96d594a83250dca2bc2

Download Submit
memory/3728-140-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3728-141-0x0000000000790000-0x00000000007EB000-memory.dmp

Filesize
364KB

Download
memory/4204-132-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/4204-133-0x00000000006C0000-0x000000000071B000-memory.dmp

Filesize
364KB

Download