Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
19-07-2020 16:35
General
-
Target
zloader_1.17.0.0.vir.exe
-
Size
260KB
-
MD5
2cddc5e9482b049387c96b609ada8fea
-
SHA1
c8fb26a5a4776ceb5572c5139d9057a8040f68b8
-
SHA256
0b37d287d10b55a50f1a717a015503b64d3be3586f15a12a0085d61794864235
-
SHA512
d19429d362f80feace554706fa1d905148301d628e14ef086a66b175c94489e736f512b4284010d9a52090203dba71684a397c95017f8c0b16f0b0512c28f141
Score
5/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 13 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\zloader_1.17.0.0.vir.exe"C:\Users\Admin\AppData\Local\Temp\zloader_1.17.0.0.vir.exe"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\zloader_1.17.0.0.vir.exe"C:\Users\Admin\AppData\Local\Temp\zloader_1.17.0.0.vir.exe"2⤵
- Suspicious use of WriteProcessMemory
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe3⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/828-0-0x00000000007CC000-0x00000000007CD000-memory.dmpFilesize
4KB
-
memory/1312-1-0x0000000000400000-0x000000000041B000-memory.dmpFilesize
108KB
-
memory/1312-2-0x00000000004065AA-mapping.dmp
-
memory/1312-3-0x0000000000400000-0x000000000041B000-memory.dmpFilesize
108KB
-
memory/1392-4-0x0000000000000000-mapping.dmp
-
memory/1392-5-0x0000000000F10000-0x0000000001191000-memory.dmpFilesize
2.5MB