Analysis
-
max time kernel
141s -
max time network
141s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
19-07-2020 17:24
General
-
Target
zloader_1.4.1.0.vir.exe
-
Size
122KB
-
MD5
4fe348a6793b42a223caac836a16f7ca
-
SHA1
812a2f06977e0d7e59c7e32ce811eab7d3eff9f0
-
SHA256
4e6fa76a7436db34f333229ff4fb355a60a98038702b828c31b38bf70a325a62
-
SHA512
a308aa997d58b51c1fd9c70bbb4d40e1ea6439185de8758ca5373feb5196bcb5f3fe063e10eda27ec461320065c08fd7e876d0543529b1a15005c56c91ae0203
Score
3/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\zloader_1.4.1.0.vir.exe"C:\Users\Admin\AppData\Local\Temp\zloader_1.4.1.0.vir.exe"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\SysWOW64\explorer.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 4082⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1600-0-0x0000000000000000-mapping.dmp
-
memory/1600-1-0x0000000000BF0000-0x000000000102F000-memory.dmpFilesize
4.2MB
-
memory/1600-2-0x0000000000BF0000-0x000000000102F000-memory.dmpFilesize
4.2MB
-
memory/1612-3-0x00000000044A0000-0x00000000044A1000-memory.dmpFilesize
4KB
-
memory/1612-4-0x0000000004CA0000-0x0000000004CA1000-memory.dmpFilesize
4KB