Overview

overview

10

Static

static

1

zloader.exe

windows7_x64

10

zloader.exe

windows10_x64

10

Analysis

  • max time kernel
    145s
  • max time network
    145s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    02-11-2020 08:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zloader.exe

  • Size

    319KB

  • MD5

    5034b55a6c699f749cccefdaf5e0f9b6

  • SHA1

    ab45d5c6f15387452182628cb0a126842f695517

  • SHA256

    04fc25369aa79c99f817ec025ad70a5f4cd9e1503c499e5ec42ec5f92e23c9a4

  • SHA512

    b4323ecddf7fa46866fb3ff42ebaa9cb6cf7a86047058f4e8c11bd2e8b7963bd1e20d0d2e8b78b1a09188a5398af45fc0f295fc2ec7147e87b0249e3ae4c9eab

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3028
      • C:\Users\Admin\AppData\Local\Temp\zloader.exe
        "C:\Users\Admin\AppData\Local\Temp\zloader.exe"
        2⤵
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:4684
        • C:\Users\Admin\AppData\Local\Temp\zloader.exe
          "C:\Users\Admin\AppData\Local\Temp\zloader.exe"
          3⤵
          • Suspicious use of NtCreateUserProcessOtherParentProcess
          • Suspicious use of SetThreadContext
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3424
      • C:\Windows\SysWOW64\msiexec.exe
        msiexec.exe
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2524

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\nsv60D4.tmp\System.dll
      MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

      SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

      SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

      SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

      Download Submit
    • memory/2524-5-0x0000000002E10000-0x0000000002E3C000-memory.dmp
      Filesize

      176KB

      Download
    • memory/2524-6-0x0000000000000000-mapping.dmp
      Download
    • memory/3424-1-0x0000000000400000-0x000000000042C000-memory.dmp
      Filesize

      176KB

      Download
    • memory/3424-2-0x0000000000405940-mapping.dmp
      Download
    • memory/3424-3-0x0000000000400000-0x000000000042C000-memory.dmp
      Filesize

      176KB

      Download