Analysis
-
max time kernel
143s -
max time network
147s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
31-10-2020 09:13
General
-
Target
Exampleth.dll
-
Size
452KB
-
MD5
1c48729a2cfa0b985e36818822858436
-
SHA1
19d51e298f43c00af96861f1f6ffaf39132a187d
-
SHA256
f2e73ee6ab0ad79e0cd537bd856d9e694851912283bca7fb73eb3fc335528353
-
SHA512
538c1ddd8be6c91f99f5579589877031a89f64743678d3f1f6d3a2b10ff861f76768ff7d8bc7d4d2c7826ab820d2c4ff254eacb60a76fdf7c1af43c9bf72d424
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
miguel
Campaign
17/04
C2
https://lgepubbf.icu/wp-config.php
https://ajvwdjtebb.pw/wp-config.php
rc4.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Exampleth.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Exampleth.dll,#12⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exemsiexec.exe3⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/916-0-0x0000000000000000-mapping.dmp
-
memory/1180-1-0x0000000000090000-0x00000000000C4000-memory.dmpFilesize
208KB
-
memory/1180-2-0x0000000000110000-0x0000000000111000-memory.dmpFilesize
4KB
-
memory/1180-3-0x0000000000090000-0x00000000000C4000-memory.dmpFilesize
208KB
-
memory/1180-4-0x0000000000000000-mapping.dmp
-
memory/1936-5-0x000007FEF7020000-0x000007FEF729A000-memory.dmpFilesize
2.5MB