Overview

overview

8

Static

static

8

Mozi.m

windows7-x64

3

Mozi.m

windows10-1703-x64

3

Mozi.m

windows10-2004-x64

3

Mozi.m

windows11-21h2-x64

3

Resubmissions

07-07-2024 22:03

240707-1ym46a1elg 9

07-07-2024 21:57

240707-1t47wayfmm 8

07-02-2021 04:14

210207-2m45a29q5j 9

Analysis

  • max time kernel
    313s
  • max time network
    321s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    07-07-2024 21:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Mozi.m

  • Size

    132KB

  • MD5

    59ce0baba11893f90527fc951ac69912

  • SHA1

    5857a7dd621c4c3ebb0b5a3bec915d409f70d39f

  • SHA256

    4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7

  • SHA512

    c5b12797b477e5e5964a78766bb40b1c0d9fdfb8eef1f9aee3df451e3441a40c61d325bf400ba51048811b68e1c70a95f15e4166b7a65a4eca0c624864328647

  • SSDEEP

    3072:phNlHuBafLeBtfCzpta8xlBIOdVo3/4sxLJ10xioP:p3lOYoaja8xzx/0wsxzSi2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Mozi.m
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Mozi.m
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2280
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Mozi.m"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    39f24a1b93233592d063301daf82fd05

    SHA1

    9355010f8c6d873448a7bb4dfccb52be40c143e6

    SHA256

    c3d22bf03024daeebafb72cb137333bd651f82fce786454e20327b3e91e2d4ee

    SHA512

    c8605693aaceddc22c246b969a346f1a80ea8e3bd1e8e04ceb3d05de2452f8e75beb2f43e3a6cbb809697f16024c70fe322b5aaa8fa57c5482e28c2a9b892975

    Download Submit