3e7d1567c944571df890567d89bdbebf6ce226f06038fa795ecd6a45bf6ad4a1

Analysis

max time kernel
152s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e7d1567c944571df890567d89bdbebf6ce226f06038fa795ecd6a45bf6ad4a1.exe
Size

296KB
MD5

1b4d6b786b2f0a1bdd2a6f2de6b94810
SHA1

a507b67722aa6a7e7b40ae4b37877abf9de4978f
SHA256

3e7d1567c944571df890567d89bdbebf6ce226f06038fa795ecd6a45bf6ad4a1
SHA512

f0bdd68a52595a58b037990a18fce6d448469fd2ba07eb4f1f3ce46ce538195c1435bd8c8864982115d635bd961ee3b17281d5dc3bcac7b8197f0952e23b6986
SSDEEP

6144:USH4NMEb+Or4GO30OZ98XdIPxXnlw/xfnj5ht1DQUJcM:USH9Eb+E4hRZ98XdoJ4j5hXDQZM

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4924	znblaln.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\znblaln.exe	3e7d1567c944571df890567d89bdbebf6ce226f06038fa795ecd6a45bf6ad4a1.exe
File created	C:\PROGRA~3\Mozilla\czmmuxc.dll	znblaln.exe

C:\Users\Admin\AppData\Local\Temp\3e7d1567c944571df890567d89bdbebf6ce226f06038fa795ecd6a45bf6ad4a1.exe
"C:\Users\Admin\AppData\Local\Temp\3e7d1567c944571df890567d89bdbebf6ce226f06038fa795ecd6a45bf6ad4a1.exe"
1⤵
- Drops file in Program Files directory
PID:3444

C:\PROGRA~3\Mozilla\znblaln.exe
C:\PROGRA~3\Mozilla\znblaln.exe -irlyaih
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4924

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\znblaln.exe

Filesize
296KB

MD5
26b7c86ef83fde89f3ae2c11e8388a15

SHA1
4447fbcbb9b96f0444a836406667a167fd12dab1

SHA256
62be4438ebb4d6ec7ee716c751bcb6f8d1f9ce101ed182537abc48702f9af5d1

SHA512
620132d5579a1597ac47f3de92f15ccaefbb5e24d176c40753262a544055a5719f83260d8938795ccd9f21d1933e0244a538cbdca3177d1af2e7fbff4b49df9f

Download Submit
C:\ProgramData\Mozilla\znblaln.exe

Filesize
296KB

MD5
26b7c86ef83fde89f3ae2c11e8388a15

SHA1
4447fbcbb9b96f0444a836406667a167fd12dab1

SHA256
62be4438ebb4d6ec7ee716c751bcb6f8d1f9ce101ed182537abc48702f9af5d1

SHA512
620132d5579a1597ac47f3de92f15ccaefbb5e24d176c40753262a544055a5719f83260d8938795ccd9f21d1933e0244a538cbdca3177d1af2e7fbff4b49df9f

Download Submit
memory/3444-132-0x0000000002090000-0x00000000020EB000-memory.dmp

Filesize
364KB

Download
memory/3444-133-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3444-134-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3444-136-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4924-138-0x0000000000D80000-0x0000000000DDB000-memory.dmp

Filesize
364KB

Download
memory/4924-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4924-140-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download