Analysis
-
max time kernel
147s -
max time network
149s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
05-03-2021 05:53
General
-
Target
rVuj5bF.bin.dll
-
Size
403KB
-
MD5
4e9d3907d80cfe903df735b855d5eaeb
-
SHA1
3fcc74d0b646e8324f0a4cf4708890a8261f3e84
-
SHA256
280fedf6fd7e0964222ac9b21bcc289c222c7ea91d7bad6350741bdf8c1f0938
-
SHA512
672b8b0dd776ff156504e55c171fe035e5aac7b1b48ae785973113648717317eb611acbcc6141c5ab6c0096c4f41c24c335d957afbca1fddcf15dfde9750361f
Score
10/10
Malware Config
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blocklisted process makes network request 15 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\rVuj5bF.bin.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\rVuj5bF.bin.dll,#12⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exemsiexec.exe3⤵
- Blocklisted process makes network request
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3728-5-0x0000000000000000-mapping.dmp
-
memory/3728-6-0x0000000002C80000-0x0000000002CAB000-memory.dmpFilesize
172KB
-
memory/3944-2-0x0000000000000000-mapping.dmp
-
memory/3944-3-0x0000000072B10000-0x0000000072B3B000-memory.dmpFilesize
172KB
-
memory/3944-4-0x00000000007A0000-0x00000000007A1000-memory.dmpFilesize
4KB