c7d7e6c6dc477e5fdb2b2a26eed1b53e77d455dbec8df800927a5bae69a2cc10 | Triage

Analysis

max time kernel
148s
max time network
144s
platform
windows7_x64
resource
win7
submitted
19-07-2020 19:22

Sharing

Report Analysis Logs

General

Target

zloader_1.15.4.0.vir.exe
Size

352KB
MD5

a7aeb6dc35eeb3dfae02f9306d6426a1
SHA1

1f3fba90f7fc853319f8546568c7f9fbe5f1e0ee
SHA256

c7d7e6c6dc477e5fdb2b2a26eed1b53e77d455dbec8df800927a5bae69a2cc10
SHA512

3a493c066578f433da6bf2076d057f017d64fc3337a26e6dc327cf3592c8b56f36b855f03254ccadd61d98bcc47bcbe4f8e8e41302c28e746686fcf8f64af6e2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

zloader_1.15.4.0.vir.exe

description	pid	process	target process
PID 1496 wrote to memory of 1636	1496	zloader_1.15.4.0.vir.exe	explorer.exe
PID 1496 wrote to memory of 1636	1496	zloader_1.15.4.0.vir.exe	explorer.exe
PID 1496 wrote to memory of 1636	1496	zloader_1.15.4.0.vir.exe	explorer.exe
PID 1496 wrote to memory of 1636	1496	zloader_1.15.4.0.vir.exe	explorer.exe

Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

zloader_1.15.4.0.vir.exe

pid process

1496 zloader_1.15.4.0.vir.exe
1496 zloader_1.15.4.0.vir.exe

C:\Users\Admin\AppData\Local\Temp\zloader_1.15.4.0.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zloader_1.15.4.0.vir.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious behavior: MapViewOfSection
PID:1496

C:\Windows\SysWOW64\explorer.exe
explorer.exe
2⤵
PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1636-0-0x0000000000000000-mapping.dmp

Download
memory/1636-1-0x0000000000630000-0x00000000008B1000-memory.dmp

Filesize
2.5MB

Download