641082b5805ad60fe6493dd36bae8dfc390940bd1d15add162bef02345ff3f0e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

EZFN Launc...US.msi

windows7-x64

8

EZFN Launc...US.msi

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

EZFN Launcher_1.2.5_x64_en-US.msi
Size

7.1MB
Sample

241009-wb4q6svcjf
MD5

e418e4a9cb75024e14e1ec3e6e91e0a0
SHA1

6d82c663a6dcbe522c2cec7152be8acf53832196
SHA256

641082b5805ad60fe6493dd36bae8dfc390940bd1d15add162bef02345ff3f0e
SHA512

b921d77f1dafe44a6018c9552c3e216fd86cbd6e3e0c758dee0db3e7cb142c0178b8aad11dd2432696a121cb6d496b49431e79d8fe024afe58e987890a855c7d
SSDEEP

196608:FrBn5fZ9AA/AwF532R11xsNqe7I85IYYF1V:FLrdFgzsNB7I2IYY

Score

8^/10

discovery evasion execution persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

EZFN Launcher_1.2.5_x64_en-US.msi

Resource

win7-20240903-en

discovery execution

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

EZFN Launcher_1.2.5_x64_en-US.msi

Resource

win10v2004-20241007-en

discovery evasion execution persistence privilege_escalation trojan

windows10-2004-x64

28 signatures

150 seconds

Malware Config

Targets

- Target
  
  EZFN Launcher_1.2.5_x64_en-US.msi
- Size
  
  7.1MB
- MD5
  
  e418e4a9cb75024e14e1ec3e6e91e0a0
- SHA1
  
  6d82c663a6dcbe522c2cec7152be8acf53832196
- SHA256
  
  641082b5805ad60fe6493dd36bae8dfc390940bd1d15add162bef02345ff3f0e
- SHA512
  
  b921d77f1dafe44a6018c9552c3e216fd86cbd6e3e0c758dee0db3e7cb142c0178b8aad11dd2432696a121cb6d496b49431e79d8fe024afe58e987890a855c7d
- SSDEEP
  
  196608:FrBn5fZ9AA/AwF532R11xsNqe7I85IYYF1V:FLrdFgzsNB7I2IYY
Score

8^/10

discovery execution evasion persistence privilege_escalation trojan
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Credential Access

Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryevasionexecutionpersistenceprivilege_escalationtrojan

© 2018-2025

Terms | Privacy