Analysis
- max time kernel: 50s
- max time network: 135s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 21-04-2021 13:50
Behavioral task: behavioral1
- Sample: ccb412870602bd52d4fc05038bba4d958e9766c66bff92d9ce9800dbf901834d.dll
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: ccb412870602bd52d4fc05038bba4d958e9766c66bff92d9ce9800dbf901834d.dll
- Resource: win10v20210408
General
- Target: ccb412870602bd52d4fc05038bba4d958e9766c66bff92d9ce9800dbf901834d.dll
- Size: 527KB
- MD5: 9d19acb3d8bc7578715d85c03ff10014
- SHA1: 9e199d963983bf92e3b2f3d08d9b4817af567748
- SHA256: ccb412870602bd52d4fc05038bba4d958e9766c66bff92d9ce9800dbf901834d
- SHA512: 19749d3a7ba8ca043897af061d8f7f8dbe6b6f34df698ccba7b0ac31b57ec5918b7d8d193dd9dd50f072d4ff218c07f6c23eb3f5153451a5774b8c8db3b9ad9c
Malware Config
Extracted
- Family: zloader
- Botnet: main
- Campaign: 10.05.2020
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 664 wrote to memory of 1036 | 664 | rundll32.exe | rundll32.exe
PID 664 wrote to memory of 1036 | 664 | rundll32.exe | rundll32.exe
PID 664 wrote to memory of 1036 | 664 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccb412870602bd52d4fc05038bba4d958e9766c66bff92d9ce9800dbf901834d.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccb412870602bd52d4fc05038bba4d958e9766c66bff92d9ce9800dbf901834d.dll,#1