4e6fa76a7436db34f333229ff4fb355a60a98038702b828c31b38bf70a325a62 | Triage

Analysis

max time kernel
130s
max time network
145s
platform
windows7_x64
resource
win7
submitted
19-07-2020 17:24

Sharing

Report Analysis Logs

General

Target

zloader_1.4.1.0.vir.exe
Size

122KB
MD5

4fe348a6793b42a223caac836a16f7ca
SHA1

812a2f06977e0d7e59c7e32ce811eab7d3eff9f0
SHA256

4e6fa76a7436db34f333229ff4fb355a60a98038702b828c31b38bf70a325a62
SHA512

a308aa997d58b51c1fd9c70bbb4d40e1ea6439185de8758ca5373feb5196bcb5f3fe063e10eda27ec461320065c08fd7e876d0543529b1a15005c56c91ae0203

Score

1^/10

Malware Config

Signatures

Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

zloader_1.4.1.0.vir.exe

pid process

1612 zloader_1.4.1.0.vir.exe
1612 zloader_1.4.1.0.vir.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

zloader_1.4.1.0.vir.exe

description	pid	process	target process
PID 1612 wrote to memory of 364	1612	zloader_1.4.1.0.vir.exe	explorer.exe
PID 1612 wrote to memory of 364	1612	zloader_1.4.1.0.vir.exe	explorer.exe
PID 1612 wrote to memory of 364	1612	zloader_1.4.1.0.vir.exe	explorer.exe
PID 1612 wrote to memory of 364	1612	zloader_1.4.1.0.vir.exe	explorer.exe

C:\Users\Admin\AppData\Local\Temp\zloader_1.4.1.0.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zloader_1.4.1.0.vir.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1612

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\SysWOW64\explorer.exe"
2⤵
PID:364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/364-0-0x0000000000000000-mapping.dmp

Download
memory/364-1-0x0000000000520000-0x00000000007A1000-memory.dmp

Filesize
2.5MB

Download