ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5

Analysis

max time kernel
163s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2022, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5.exe
Size

168KB
MD5

487bed241af2669d3f3ad40aa8d88fab
SHA1

f456033768632a7776c1d26eb9e9c8a4399ad689
SHA256

ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5
SHA512

f7e3940411aa6f7f9796fb8c361efc82aac56eab8496c5b4fd7bbbb04ae65cc3299b859cfaeda7dbef5add9d503ff233087c45af69ee7e79520515ff21d48592
SSDEEP

3072:Wbg/Zb5PCiXYteEp/tJzRg5eoEHhxAlJyRGQCfeypNfzSeKkCc:vBdPDIFJ/zRVoE8lJyJC2yp4e9

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4920	znblaln.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\znblaln.exe	ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5.exe
File created	C:\PROGRA~3\Mozilla\czmmuxc.dll	znblaln.exe

C:\Users\Admin\AppData\Local\Temp\ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5.exe
"C:\Users\Admin\AppData\Local\Temp\ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5.exe"
1⤵
- Drops file in Program Files directory
PID:2668

C:\PROGRA~3\Mozilla\znblaln.exe
C:\PROGRA~3\Mozilla\znblaln.exe -irlyaih
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4920

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\znblaln.exe

Filesize
168KB

MD5
b1b2c547c4e6839a11bcef0a769dc135

SHA1
0b072f75b45471f5ce64e27a2a8637703f9d1117

SHA256
9fa9fd89f8853a434e912402a3a17478a0bb1fe9ac2d525f0d33081cabd52ac2

SHA512
822c885f895f7fff6db862ba6073a02355913fc39bf02a26b5c3d30c8792b42dcfe5d0fbed0793f6332b575098bc461aaae03d4a729bf2d0a8d7707c611fe0eb

Download Submit
C:\ProgramData\Mozilla\znblaln.exe

Filesize
168KB

MD5
b1b2c547c4e6839a11bcef0a769dc135

SHA1
0b072f75b45471f5ce64e27a2a8637703f9d1117

SHA256
9fa9fd89f8853a434e912402a3a17478a0bb1fe9ac2d525f0d33081cabd52ac2

SHA512
822c885f895f7fff6db862ba6073a02355913fc39bf02a26b5c3d30c8792b42dcfe5d0fbed0793f6332b575098bc461aaae03d4a729bf2d0a8d7707c611fe0eb

Download Submit
memory/2668-132-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2668-133-0x00000000009E0000-0x0000000000A3B000-memory.dmp

Filesize
364KB

Download
memory/4920-140-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4920-141-0x0000000000790000-0x00000000007EB000-memory.dmp

Filesize
364KB

Download