Analysis
-
max time kernel
39s -
max time network
146s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
06-11-2020 17:06
General
-
Target
4a30275f14f80c6e11d5a253d7d004eda98651010e0aa47f744cf4105d1676ab.dll
-
Size
524KB
-
MD5
4aa199c19c28cd1d176b7f6ff59bd713
-
SHA1
ec321c45f365ad178bbbef4f873578ffc52b6114
-
SHA256
4a30275f14f80c6e11d5a253d7d004eda98651010e0aa47f744cf4105d1676ab
-
SHA512
b764a3378677a4d7ceba3d57442b98028581c0c2841bdac287c5caced0f350638a2c1c0a6136873d29627420b208789873c0d5a5ad4d28e3f1e3758e3a12a6f5
Malware Config
Extracted
zloader
googleaktualizacija
googleaktualizacija1
https://iqowijsdakm.ru/gate.php
https://wiewjdmkfjn.ru/gate.php
https://dksaoidiakjd.su/gate.php
https://iweuiqjdakjd.su/gate.php
https://yuidskadjna.su/gate.php
https://olksmadnbdj.su/gate.php
https://odsakmdfnbs.com/gate.php
https://odsakjmdnhsaj.com/gate.php
https://odjdnhsaj.com/gate.php
https://odoishsaj.com/gate.php
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4a30275f14f80c6e11d5a253d7d004eda98651010e0aa47f744cf4105d1676ab.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4a30275f14f80c6e11d5a253d7d004eda98651010e0aa47f744cf4105d1676ab.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1512-2-0x0000000000090000-0x0000000000091000-memory.dmpFilesize
4KB
-
memory/1512-1-0x0000000000120000-0x0000000000146000-memory.dmpFilesize
152KB
-
memory/1512-3-0x0000000000120000-0x0000000000146000-memory.dmpFilesize
152KB
-
memory/1512-4-0x0000000000000000-mapping.dmp
-
memory/1652-5-0x000007FEF7DF0000-0x000007FEF806A000-memory.dmpFilesize
2.5MB
-
memory/1852-0-0x0000000000000000-mapping.dmp