Analysis
max time kernel: 121s
max time network: 122s
platform: windows10_x64
resource: win10v20210410
submitted: 30-04-2021 20:02
Static task: static1
Behavioral task: behavioral1
Sample: e5480369_by_Libranalysis.dll
Resource: win7v20210408
General
Target: e5480369_by_Libranalysis.dll
Size: 619KB
MD5: e54803695352cd8a46fb303f6d83c4f5
SHA1: 246416a97b5d712495a17081456a3ceb4f6d2d2e
SHA256: 5e0362037ebe9276b9a253a66c233be67bb6ceedec997e9bd0faa294091eb52c
SHA512: 739de9da9b8755c34577801c4fa0b88a347012fc579a4ac4a4a2e6d4b1213e1ac585b1f1a9db59549693436eac6700ab57af4598ae0b3f2f8c32a86701f923fa
Malware Config
Extracted
Family: zloader
Botnet: nut
Campaign: 30/03
C2:
https://holacast.com/post.php
https://homeloansadvisor.in/post.php
https://hoteldonalala.com.mx/post.php
https://hotimobiliaria.com.br/post.php
https://hrdgschool.com/post.php
https://huloolcreations.com/post.php
https://hyundainhatrang.vn/post.php
https://iaikotasemarang.id/post.php
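The extracted config is directly usable as hunt material. The script below is an added example and not part of the sandbox report: it takes the C2 list, botnet and campaign values copied from the config above, reduces the URLs to hostnames, and runs them over constructed squid-format proxy log lines. The hostnames are the right key because every C2 here is HTTPS, so a proxy only ever sees the CONNECT to host:443 and never the /post.php path (the last sample line shows why matching on the path alone would false-positive).

```python
"""Hunt indicators from the extracted Zloader config (added example, not part of
the sandbox report). Config values are copied from the report; the proxy log
lines and peer IPs below are constructed for the demonstration."""
from urllib.parse import urlparse

# Copied from the Extracted config block of this report
ZLOADER_CONFIG = {
    "family": "zloader",
    "botnet": "nut",
    "campaign": "30/03",
    "c2": [
        "https://holacast.com/post.php",
        "https://homeloansadvisor.in/post.php",
        "https://hoteldonalala.com.mx/post.php",
        "https://hotimobiliaria.com.br/post.php",
        "https://hrdgschool.com/post.php",
        "https://huloolcreations.com/post.php",
        "https://hyundainhatrang.vn/post.php",
        "https://iaikotasemarang.id/post.php",
    ],
}


def c2_hosts(config):
    """Hostnames to hunt for. The C2s are HTTPS, so a web proxy only sees the
    CONNECT to host:443 and never the /post.php path; match on the host."""
    return {urlparse(u).hostname.lower() for u in config["c2"]}


def host_of(url_field):
    """Pull the host out of a squid access.log URL field: CONNECT entries are
    'host:port', other requests are 'scheme://host/path' or 'host/path'."""
    if "://" in url_field:
        return (urlparse(url_field).hostname or "").lower()
    return url_field.split("/", 1)[0].rsplit(":", 1)[0].lower()


def find_c2_hits(log_text, hosts):
    """Return (client_ip, host, method) for every squid-native-format line whose
    destination host is a known C2. Field layout of that format:
    time elapsed client code/status bytes method url ident hierarchy/peer type."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        client, method, url_field = fields[2], fields[5], fields[6]
        if host_of(url_field) in hosts:
            hits.append((client, host_of(url_field), method))
    return hits


# Constructed sample lines; the 198.51.100.x peers are documentation addresses
SAMPLE_LOG = """\
1619813000.123    412 10.0.0.15 TCP_TUNNEL/200 1432 CONNECT holacast.com:443 - HIER_DIRECT/198.51.100.7 -
1619813001.456    200 10.0.0.15 TCP_MISS/200 5120 GET http://www.example.com/ - HIER_DIRECT/198.51.100.8 text/html
1619813002.789    388 10.0.0.22 TCP_TUNNEL/200 980 CONNECT hyundainhatrang.vn:443 - HIER_DIRECT/198.51.100.9 -
1619813003.000    150 10.0.0.22 TCP_MISS/200 300 POST http://unrelated.example.net/post.php - HIER_DIRECT/198.51.100.10 text/html
"""

if __name__ == "__main__":
    for client, host, method in find_c2_hits(SAMPLE_LOG, c2_hosts(ZLOADER_CONFIG)):
        print(f"{client} -> {host} ({method}) matches zloader botnet "
              f"{ZLOADER_CONFIG['botnet']} campaign {ZLOADER_CONFIG['campaign']}")
```

Run against a real access.log by replacing SAMPLE_LOG with the file contents; the two CONNECT lines are the only hits, and the POST to /post.php on an unrelated host is correctly ignored.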
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                        pid   process       target pid  target process
PID 4436 wrote to memory of 4612   4436  regsvr32.exe  4612        regsvr32.exe
PID 4436 wrote to memory of 4612   4436  regsvr32.exe  4612        regsvr32.exe
PID 4436 wrote to memory of 4612   4436  regsvr32.exe  4612        regsvr32.exe
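The signature above shows the parent regsvr32.exe (PID 4436) writing into a second regsvr32.exe (PID 4612). On a production host that behaviour is best caught from Sysmon Event ID 10 (ProcessAccess): Sysmon does not log WriteProcessMemory itself, but a write can only succeed through a handle whose GrantedAccess mask includes PROCESS_VM_WRITE and PROCESS_VM_OPERATION. The detection below is an added example, not part of the report; the event records are constructed, using the PIDs and image names from the signature table, and the access-mask constants are the standard Win32 values.

```python
"""Detect one regsvr32.exe opening another with memory-write access, the
telemetry counterpart of the WriteProcessMemory signature above. Added example,
not from the report; the Sysmon Event ID 10 records below are constructed."""

# Standard Win32 process access rights
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020

# Constructed Sysmon ProcessAccess records (field names as Sysmon emits them),
# PIDs and images taken from the report's signature table
EVENTS = [
    {"EventID": 10, "SourceProcessId": 4436, "SourceImage": r"C:\Windows\System32\regsvr32.exe",
     "TargetProcessId": 4612, "TargetImage": r"C:\Windows\System32\regsvr32.exe",
     "GrantedAccess": "0x1FFFFF"},  # PROCESS_ALL_ACCESS
    {"EventID": 10, "SourceProcessId": 812, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetProcessId": 4612, "TargetImage": r"C:\Windows\System32\regsvr32.exe",
     "GrantedAccess": "0x1400"},  # QUERY_INFORMATION | QUERY_LIMITED_INFORMATION: no write
    {"EventID": 10, "SourceProcessId": 4436, "SourceImage": r"C:\Windows\System32\regsvr32.exe",
     "TargetProcessId": 4612, "TargetImage": r"C:\Windows\System32\regsvr32.exe",
     "GrantedAccess": "0x28"},  # VM_OPERATION | VM_WRITE: the minimum WriteProcessMemory needs
]


def image_name(path):
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def can_write_memory(granted_access):
    """WriteProcessMemory requires both PROCESS_VM_WRITE and PROCESS_VM_OPERATION
    on the handle; GrantedAccess is logged by Sysmon as a hex string."""
    mask = int(granted_access, 16)
    return bool(mask & PROCESS_VM_WRITE) and bool(mask & PROCESS_VM_OPERATION)


def flag_regsvr32_self_injection(events):
    """Return (source pid, target pid, granted access) for every ProcessAccess
    event where regsvr32.exe opens another regsvr32.exe with write access."""
    hits = []
    for e in events:
        if e.get("EventID") != 10:
            continue
        if image_name(e["SourceImage"]) != "regsvr32.exe":
            continue
        if image_name(e["TargetImage"]) != "regsvr32.exe":
            continue
        if can_write_memory(e["GrantedAccess"]):
            hits.append((e["SourceProcessId"], e["TargetProcessId"], e["GrantedAccess"]))
    return hits


if __name__ == "__main__":
    for src, dst, access in flag_regsvr32_self_injection(EVENTS):
        print(f"regsvr32.exe {src} opened regsvr32.exe {dst} with {access}")
```

The csrss.exe record is deliberately included: it also opens PID 4612, but with a query-only mask, and is not flagged. Filtering on the access mask rather than on any ProcessAccess to the target is what keeps this rule quiet on a normal host.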
Downloads
memory/4612-114-0x0000000000000000-mapping.dmp
memory/4612-115-0x0000000073C90000-0x0000000073CBB000-memory.dmp  Filesize 172KB
memory/4612-116-0x0000000073C90000-0x0000000074234000-memory.dmp  Filesize 5.6MB
memory/4612-117-0x0000000003200000-0x0000000003201000-memory.dmp  Filesize 4KB
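The dump filenames encode the PID, a sequence number and the virtual address range that was captured, so the sizes shown can be recomputed from the names alone. The script below is an added example and not part of the report: it parses the four names listed above, checks the computed sizes against the reported ones, and groups dumps by base address, which makes visible that dumps 115 and 116 both start at 0x73C90000 and that 116 is a larger capture covering the range 115 covered. The filename pattern is assumed from the names on this page.

```python
"""Parse the Triage memory dump names under Downloads and verify the reported
sizes (added example, not part of the sandbox report). The filename pattern
memory/<pid>-<seq>-0x<start>[-0x<end>]-<mapping|memory>.dmp is assumed from the
names on this page."""
import re

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+))?-(?P<kind>mapping|memory)\.dmp$"
)

# Names and reported sizes copied from the Downloads list of this report
REPORTED = [
    ("memory/4612-114-0x0000000000000000-mapping.dmp", None),
    ("memory/4612-115-0x0000000073C90000-0x0000000073CBB000-memory.dmp", "172KB"),
    ("memory/4612-116-0x0000000073C90000-0x0000000074234000-memory.dmp", "5.6MB"),
    ("memory/4612-117-0x0000000003200000-0x0000000003201000-memory.dmp", "4KB"),
]


def parse_dump_name(name):
    """Split a dump name into pid, sequence, kind and address range; mapping
    dumps carry only a placeholder address and no range."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a recognised dump name: {name}")
    d = m.groupdict()
    start = int(d["start"], 16)
    end = int(d["end"], 16) if d["end"] else None
    return {
        "pid": int(d["pid"]),
        "seq": int(d["seq"]),
        "kind": d["kind"],
        "start": start,
        "end": end,
        "size": end - start if end is not None else None,
    }


def fmt_size(nbytes):
    """Match the report's rounding: whole KB below 1 MiB, one-decimal MB above."""
    if nbytes >= 1 << 20:
        return f"{nbytes / (1 << 20):.1f}MB"
    return f"{nbytes // 1024}KB"


def check_sizes(reported):
    """(name, computed size, reported size, agrees) for each dump."""
    out = []
    for name, size_str in reported:
        d = parse_dump_name(name)
        computed = fmt_size(d["size"]) if d["size"] is not None else None
        out.append((name, computed, size_str, computed == size_str))
    return out


def dumps_by_base(reported):
    """Memory dumps grouped by start address, each group sorted by size, so
    repeated captures of the same region (here seq 115 and 116) stand out."""
    groups = {}
    for name, _ in reported:
        d = parse_dump_name(name)
        if d["kind"] == "memory":
            groups.setdefault(d["start"], []).append((d["seq"], d["size"]))
    return {hex(base): sorted(v, key=lambda t: t[1]) for base, v in groups.items()}


if __name__ == "__main__":
    for name, computed, reported, ok in check_sizes(REPORTED):
        print(f"{'ok ' if ok else 'BAD'} {name}: computed {computed}, reported {reported}")
    for base, dumps in dumps_by_base(REPORTED).items():
        print(base, dumps)
```

All four computed sizes agree with the report (0x2B000 bytes is 172KB, 0x5A4000 bytes is 5.6MB, 0x1000 bytes is 4KB). When triaging the dumps themselves, start with 116: it is the superset capture of the 0x73C90000 region, and the 4KB dump at 0x3200000 is a single page.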