54a965b031265e591db5ca4e9f3e2774bd1dbf7e25b994661834a49833c5ef4f

Analysis

max time kernel
103s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54a965b031265e591db5ca4e9f3e2774bd1dbf7e25b994661834a49833c5ef4f.exe
Size

270KB
MD5

823ec4c199e02e6cccc89cf6e92d9250
SHA1

e1321b3d0e2dfc99bfd7dbe1e31df30e6605c244
SHA256

54a965b031265e591db5ca4e9f3e2774bd1dbf7e25b994661834a49833c5ef4f
SHA512

ec1aee7e6ed53d11226d7a24e01084a2b87b71f0b4c0bf2f62ffc50fe0b74a9c4147c2a9f208982b78fa4e855c79feb156b8f7d208595cbade9d684d11ed3123
SSDEEP

6144:CDJVazMKV31FdaQvXluxqU+A/0y+nt75voqQEnHv0CxN8H9RJPD:CDJM/bXntAh+nhZoqQEHvVIzJPD

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3912	znblaln.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\znblaln.exe	54a965b031265e591db5ca4e9f3e2774bd1dbf7e25b994661834a49833c5ef4f.exe
File created	C:\PROGRA~3\Mozilla\czmmuxc.dll	znblaln.exe

C:\Users\Admin\AppData\Local\Temp\54a965b031265e591db5ca4e9f3e2774bd1dbf7e25b994661834a49833c5ef4f.exe
"C:\Users\Admin\AppData\Local\Temp\54a965b031265e591db5ca4e9f3e2774bd1dbf7e25b994661834a49833c5ef4f.exe"
1⤵
- Drops file in Program Files directory
PID:2760

C:\PROGRA~3\Mozilla\znblaln.exe
C:\PROGRA~3\Mozilla\znblaln.exe -irlyaih
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3912

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\znblaln.exe

Filesize
270KB

MD5
4b5973045a5e137ffbb28551ad4a2c68

SHA1
4cc2a5042ab7b34b290cdad9b467103309725a10

SHA256
f17a2ee6f96e4b06b223cd5a7731dc2acacfd7f7a730552a77384d32cb766ea3

SHA512
dc356ddfb1af8c7464e6867ab9619a7d1e9ddacefdbccf71af6a7de632e2b9fb567e461a52f957351aa52bcb6c96d98704674931fdeacdf2bc9d203aa38a9b50

Download Submit
C:\ProgramData\Mozilla\znblaln.exe

Filesize
270KB

MD5
4b5973045a5e137ffbb28551ad4a2c68

SHA1
4cc2a5042ab7b34b290cdad9b467103309725a10

SHA256
f17a2ee6f96e4b06b223cd5a7731dc2acacfd7f7a730552a77384d32cb766ea3

SHA512
dc356ddfb1af8c7464e6867ab9619a7d1e9ddacefdbccf71af6a7de632e2b9fb567e461a52f957351aa52bcb6c96d98704674931fdeacdf2bc9d203aa38a9b50

Download Submit
memory/2760-132-0x00000000009B0000-0x0000000000A0B000-memory.dmp

Filesize
364KB

Download
memory/2760-137-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3912-140-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3912-141-0x0000000000490000-0x00000000004EB000-memory.dmp

Filesize
364KB

Download
memory/3912-146-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download