ea650b6ae1136d8d3167f57e9a803afaaeeed4e6c1321ea39762439651f7964f

Analysis

max time kernel
141s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2022 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea650b6ae1136d8d3167f57e9a803afaaeeed4e6c1321ea39762439651f7964f.exe
Size

175KB
MD5

5ffae7109b7b19beb255e945dbe2a0e0
SHA1

6d075a30725c17ea61a3ff13e413ebc352065579
SHA256

ea650b6ae1136d8d3167f57e9a803afaaeeed4e6c1321ea39762439651f7964f
SHA512

f9b073b0eb94a04c80d9581997b21c27c57a4c2babfd319d51518e77660c7ae3764c0f722da17d648a9632dcb38fd7312af0749103ebc5b1fb218bfa2da6e018
SSDEEP

3072:SGxOwEI4rrlYORpXxjgk5R9/2tlqy8eoTqvnBLhzcSo3hcccK+XjNBDUwPPNax:ROwmR/pMk9+tcyDxvBdzcpaUwFax

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5044	znblaln.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\znblaln.exe	ea650b6ae1136d8d3167f57e9a803afaaeeed4e6c1321ea39762439651f7964f.exe
File created	C:\PROGRA~3\Mozilla\czmmuxc.dll	znblaln.exe

C:\Users\Admin\AppData\Local\Temp\ea650b6ae1136d8d3167f57e9a803afaaeeed4e6c1321ea39762439651f7964f.exe
"C:\Users\Admin\AppData\Local\Temp\ea650b6ae1136d8d3167f57e9a803afaaeeed4e6c1321ea39762439651f7964f.exe"
1⤵
- Drops file in Program Files directory
PID:1496

C:\PROGRA~3\Mozilla\znblaln.exe
C:\PROGRA~3\Mozilla\znblaln.exe -irlyaih
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5044

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\znblaln.exe

Filesize
175KB

MD5
20831ce896b75b5ce0d20ed0dc095a8e

SHA1
eba1749ccb78ae808a6114bbb43ca59844e0fcea

SHA256
275de1d0310039560f18b60cb579f695077b30dffd78c67925b5ff4a1fa47d43

SHA512
dc8f01edc62c29a4ae473e015c14c5614538ea49cd45d2f8d662bb847cd6ea0b1375f54448d45b413d5a4e3472b7f87eb421bddaaa87fb604106345bc6b93dd5

Download Submit
C:\ProgramData\Mozilla\znblaln.exe

Filesize
175KB

MD5
20831ce896b75b5ce0d20ed0dc095a8e

SHA1
eba1749ccb78ae808a6114bbb43ca59844e0fcea

SHA256
275de1d0310039560f18b60cb579f695077b30dffd78c67925b5ff4a1fa47d43

SHA512
dc8f01edc62c29a4ae473e015c14c5614538ea49cd45d2f8d662bb847cd6ea0b1375f54448d45b413d5a4e3472b7f87eb421bddaaa87fb604106345bc6b93dd5

Download Submit
memory/1496-132-0x00000000021D0000-0x000000000222B000-memory.dmp

Filesize
364KB

Download
memory/1496-133-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1496-134-0x00000000021D0000-0x000000000222B000-memory.dmp

Filesize
364KB

Download
memory/1496-137-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1496-138-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5044-139-0x0000000000D70000-0x0000000000DCB000-memory.dmp

Filesize
364KB

Download
memory/5044-140-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5044-141-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download