Analysis
max time kernel: 91s
max time network: 152s
platform: windows10_x64
resource: win10
submitted: 27-10-2020 14:42
Static task: static1
Behavioral task: behavioral1
Sample: 142cf09ef1d30a422dbf43803e7c1517.dll
Resource: win7
General
Target: 142cf09ef1d30a422dbf43803e7c1517.dll
Size: 652KB
MD5: 142cf09ef1d30a422dbf43803e7c1517
SHA1: f1d680faed22c11ffcc8d103bbed2794ca1089f0
SHA256: 84e360a829386b13dbf487803bc7b8a04f68b9b743ebfa3c9eea76abe00773d4
SHA512: 75700b1bef08eedc36cfcf93449e3575140d94dca96108d663252debbe48303ab97dc2b0b2b4a1c5139f857fb307b54807630c524b31adfa11b53d9820ebd183
Malware Config
Extracted
zloader
nut
26/10
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 3980 wrote to memory of 3968 | 3980 | rundll32.exe | rundll32.exe
PID 3980 wrote to memory of 3968 | 3980 | rundll32.exe | rundll32.exe
PID 3980 wrote to memory of 3968 | 3980 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\142cf09ef1d30a422dbf43803e7c1517.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\142cf09ef1d30a422dbf43803e7c1517.dll,#1