5cba3f7da36c19bc48ceb0fd6424877d5659472fb2a19b7063e5b381aade699c | Triage

Analysis

max time kernel
151s
max time network
144s
platform
windows7_x64
resource
win7v200430
submitted
19-07-2020 19:50

Sharing

Report Analysis Logs

General

Target

zloader_1.18.1.0.vir.exe
Size

292KB
MD5

ce2692dbfca48403373bc52d7a59365e
SHA1

2eed9c5a44fcc5cf3d3aca6c5839e4a842828c69
SHA256

5cba3f7da36c19bc48ceb0fd6424877d5659472fb2a19b7063e5b381aade699c
SHA512

f133f4b68126b4ebe664b802139668815442d9bc0ada2f99d515b59df2d478dc102c29b29fb103d3da330c4433935c6075c694ec9bb4ef06d6b9eb869276e5b6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

zloader_1.18.1.0.vir.exe

description	pid	process	target process
PID 1520 wrote to memory of 280	1520	zloader_1.18.1.0.vir.exe	explorer.exe
PID 1520 wrote to memory of 280	1520	zloader_1.18.1.0.vir.exe	explorer.exe
PID 1520 wrote to memory of 280	1520	zloader_1.18.1.0.vir.exe	explorer.exe
PID 1520 wrote to memory of 280	1520	zloader_1.18.1.0.vir.exe	explorer.exe

Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

zloader_1.18.1.0.vir.exe

pid process

1520 zloader_1.18.1.0.vir.exe
1520 zloader_1.18.1.0.vir.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

explorer.exe

pid process

280 explorer.exe
280 explorer.exe
280 explorer.exe
280 explorer.exe
280 explorer.exe
280 explorer.exe

C:\Users\Admin\AppData\Local\Temp\zloader_1.18.1.0.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zloader_1.18.1.0.vir.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious behavior: MapViewOfSection
PID:1520

C:\Windows\SysWOW64\explorer.exe
explorer.exe
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/280-0-0x0000000000000000-mapping.dmp

Download
memory/280-1-0x0000000000E00000-0x0000000001081000-memory.dmp

Filesize
2.5MB

Download