Analysis
-
max time kernel
135s -
max time network
135s -
platform
windows10_x64 -
resource
win10 -
submitted
16-10-2020 13:48
General
-
Target
YCRkFXS.dll
-
Size
764KB
-
MD5
1d36338becdf76e5245665e2833d8a38
-
SHA1
1c2c449a06873070a3e154069c8a71de3d6e908d
-
SHA256
15737d37308fb5a8745afb8c34249e387bad9b1d001f2fcaa44b8c0333286861
-
SHA512
391dfaab6326b9066d2be333eff53aab2c74a006fae5be93961d0bf1766d8ffb09c950093bbdcb7276047f574ba544f44c5f0835c0a0f3e764f02455fb375176
Score
10/10
Malware Config
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blacklisted process makes network request 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\YCRkFXS.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\YCRkFXS.dll,#12⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exemsiexec.exe3⤵
- Blacklisted process makes network request
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1276-1-0x0000000002600000-0x0000000002629000-memory.dmpFilesize
164KB
-
memory/1276-2-0x0000000000000000-mapping.dmp
-
memory/4000-0-0x0000000000000000-mapping.dmp