nloader | b8212f866c5cdf1a823031e24fe10444aab103d8fb55a25821e1c7c7366e580f | Triage

Analysis

max time kernel
122s
max time network
122s
platform
windows10_x64
resource
win10v20210410
submitted
06-05-2021 15:20

Sharing

Report Analysis Logs

General

Target

jahi1264.pn.dll
Size

39KB
MD5

0a8d825d553010e21a0ccaf054b74992
SHA1

b22a0d35636bda3b79e27f9abccef48905a5b025
SHA256

b8212f866c5cdf1a823031e24fe10444aab103d8fb55a25821e1c7c7366e580f
SHA512

910741f5583c2657c1ea496f9c99cf42ceb48c4b477f439396a0dd30707de61f814811a3d628c746bf0219b47a57f2ce44b7f119c729d7dd96f4e2d9d00d121c

Score

10^/10

nloader loader

Malware Config

Signatures

Nloader
Simple loader that includes the keyword 'campo' in the URL used to download other families.
loader nloader

Nloader Payload 4 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4456-115-0x0000000000CB0000-0x0000000000CB9000-memory.dmp	nloader
behavioral2/memory/4456-118-0x0000000010000000-0x0000000010007000-memory.dmp	nloader
behavioral2/memory/4456-120-0x0000000000D60000-0x0000000000D65000-memory.dmp	nloader
behavioral2/memory/4456-122-0x0000000000CA0000-0x0000000000CA6000-memory.dmp	nloader

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

7 4456 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4440 wrote to memory of 4456	4440	rundll32.exe	rundll32.exe
PID 4440 wrote to memory of 4456	4440	rundll32.exe	rundll32.exe
PID 4440 wrote to memory of 4456	4440	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\jahi1264.pn.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4440

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\jahi1264.pn.dll,#1
2⤵
- Blocklisted process makes network request
PID:4456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4456-114-0x0000000000000000-mapping.dmp

Download
memory/4456-115-0x0000000000CB0000-0x0000000000CB9000-memory.dmp

Filesize
36KB

Download
memory/4456-118-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/4456-120-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/4456-122-0x0000000000CA0000-0x0000000000CA6000-memory.dmp

Filesize
24KB

Download